[squid-users] authenticate_ttl and ntlm_auth

From: <marpon@dont-contact.us>
Date: Thu, 23 Jun 2005 14:32:55 -0400

Hi,

I have squid-2.5.STABLE6-3 installed with NTLM authentication to an Active
Directory domain. According to the manual, the parameter authenticate_ttl
and the option ttl of external_acl_type define a cache for authentication
requests.

But although I have set them to a 20-minute period, I see in the winbind
log (and from a tcpdump of the connection to the domain controller) that
every request that squid receives generates an authentication request
to the domain controller. Is this right? Does the authentication cache
work with NTLM authentication, or is it just for basic/digest?

Here are the interesting settings of my config file:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 100
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param ntlm use_ntlm_negotiate on

authenticate_ttl 20 minutes

external_acl_type nt_group ttl=3600 %LOGIN /usr/lib/squid/wbinfo_group.pl

Another question: what is the relationship between authenticate_ttl and
max_challenge_lifetime?

Regards,

Martin

Received on Thu Jun 23 2005 - 12:32:41 MDT
