Re: [squid-users] Max Challenge Reuse

From: Carlos Zottmann <carlos.zottmann@dont-contact.us>
Date: Fri, 5 Aug 2005 19:32:18 -0300

2005/8/5, Henrik Nordstrom <hno@squid-cache.org>:
> On Wed, 3 Aug 2005, Kinkie wrote:
>
> > With max_challenge_reuse set to anything but 0, squid will perform a
> > replay attack on the NTLM authentication to increase authentication
> > performance.
> >
> > Everything should work more or less fine (if you see failed auths you
> > may want to enable the helper-fail-open config option and helper flag -
> > be warned that doing so is a security compromise).
>
> Except that there appears to still be some Squid stability issues with
> NTLM Challenge-Reuse enabled.
>

Hi!! Thanks to both of you for the answers!!

By stability issues, do you mean that Squid crashes with NTLM Challenge-Reuse?

The problem we are facing here is due to a bug in the Windows Event Log.
When the Windows log file becomes greater than a certain size, smaller
than the maximum size we have specified, it stops logging new events.

To prevent losing security logs, we decided to run a scheduled job
that copies and empties the Windows event log every four hours.

Whenever this job runs, the DC becomes slow, and the NTLM helpers
start to enter the "R" state, probably waiting for the DC response.

What we need to do is to lower Squid's authentication needs until we
solve this bug.

What would be the best way to do it?

Regards,
Carlos.
Received on Fri Aug 05 2005 - 16:32:23 MDT
