Re: Fwd:Fw: (SQU) ANNOUNCEMENT: NTLM update

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 14 Nov 2000 08:34:27 +1100

On the SourceForge page (http://squid.sourceforge.net) go to projects, and
then click beside the NTLM project; there is a patch entry. Download that
patch and apply it to a nightly 2.4 snapshot.

Rob
----- Original Message -----
From: "Craig Fels" <csfels@swbell.net>
To: <squid-users@ircache.net>
Sent: Tuesday, November 14, 2000 3:42 AM
Subject: Re: Fwd:Fw: (SQU) ANNOUNCEMENT: NTLM update

> Robert,
>
> Is there a way to get this new source without using CVS?
>
> Thanks,
> Craig
>
> > ----- Original Message -----
> > From: Robert Collins <robert.collins@itdomain.com.au>
> > To: <squid-users@ircache.net>
> > Sent: Sunday, November 12, 2000 4:59 PM
> > Subject: [SQU] ANNOUNCEMENT: NTLM update
> >
> >
> > > This is to announce an update to the CVS tree for squid-ntlm.
> > >
> > > The new code (like the existing code) is somewhere after alpha and
> > > before production. YMMV.
> > >
> > > Why upgrade?
> > >
> > > * Nearly complete authentication rewrite.
> > > > * Full reconfigure support (Prior to this squid does not expire users in
> > > > the user cache according to the new authenticate ttl).
> > > * Dynamic Authentication scheme support. Squid only offers and accepts
> > > the authentication scheme that helpers are defined in squid.conf for.
> > > I.E. if you need Basic support, simply list an authenticate_program.
> > > * NTLM usernames are logged as domain\user, not domain%5cuser.
> > > > * At a source level authenticate.c now handles nearly all the
> > > > authentication functionality, and acl.c the access controls. This should
> > > > allow easy integration of digest/kerberos etc as acl.c should need
> > > > minimal (if any) changes.
> > > * generic acl match caching function for acl.c (used by this update)
> > > * acl match caching for proxy_auth and proxy_auth_regex with
> > > authenticated users. This means that if you have long proxy_auth or
> > > > proxy_auth_regex acls, repeated requests for a given username (even from
> > > > multiple workstations) will short-circuit the username matching. For
> > > sites with 1000's of users, or complex regex's this should produce
> > > substantial CPU savings.
> > > > * user cache garbage collection. (we use more memory with NTLM and also
> > > > with acl match caching.)
> > > > * New config directive authenticate_cache_garbage_interval to tune user
> > > > cache garbage collection.
> > > > * multiplexed ntlm helper requests. fake_auth has been updated, I'm not
> > > > sure whether the NTLMSSP helper will respond 'optimally' to this or not.
> > > > It should work though (I can't test it :-[)
> > > > * IP address movement restrictions affect NTLM and basic authentication
> > > > equally. (shared code now).
> > > * NTLM authenticated user timeouts & IP timeouts as per basic
> > > authentication (shared code now).
> > > * (hopefully) generally cleaner interfaces internally, should be a lot
> > > easier to add digest et al in the future.
> > > > * removed --enable-basic-authentication and --enable-ntlm-authentication
> > > > configure options. Authentication schemes are now implicitly controlled
> > > > via squid.conf. (By setting a helper for a given scheme).
> > >
> > > > The helpers themselves have not changed substantially. In particular the
> > > > NTLMSSP helper is still using the same wire-level protocol to the Domain
> > > > Controller. If you have tuned your system to work well now, I suggest
> > > > keeping the same parameters and seeing how it runs.
> > >
> > > To update:
> > > do a cvs update in your source directory
> > > then autoconf
> > > then autoheader
> > > > then in your build directory
> > > make clean
> > > make
> > > make install
> > >
> > >
> > > --
> > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> > >
> >
> >
>

Received on Mon Nov 13 2000 - 14:30:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:21 MST