Re: [SQU] Fw: NTLM authentication, recent logs for Robert Collins

From: Dr. Michael Weller <eowmob@dont-contact.us>
Date: Fri, 27 Oct 2000 13:25:40 +0200 (MESZ)

On Fri, 27 Oct 2000, Robert Collins wrote:

> Caching? The caching works by observing the challenge-authenticate pairs and
> remembering the user details when a succesful login occurs. Note that the
> negotiate struct is useless for this :-[. The helper performs as per normal
> for getting the challenge and sending to squid, but when the authenticate
> request comes in, it doesn't try to login if there is a matching entry in
> the cache.
[...]

Oh, now I suddenly realize what you mean.. Of course, new connection means
a new active challenge in the helper. So this is send to the browser,
whose reply can never match the cache. NOW (finally) I understand what you
mean. Sorry for the confusion.

Well, anyway, performance this way or the other, I just told you my
observation from the logs, that somehow using too many users for the
same challenge does not work.

Do you have instrumentation to snoop MS-Proxy<->DC traffic.. does it also
use the challenges for several users? Or just hashes machine name/ip?

So currently from my logs, the best fix probably is to run one helper
process with a short challenge refresh period larger then 0 (anything less
than 40 minutes should work). Oddly enough this doesn't work with several
connections to the DC in the default config of 30minutes per challenge.

Michael.

--
Michael Weller: eowmob@exp-math.uni-essen.de, eowmob@ms.exp-math.uni-essen.de,
or even mat42b@spi.power.uni-essen.de. If you encounter an eowmob account on
any machine in the net, it's very likely it's me.
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Oct 27 2000 - 05:32:42 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:00 MST