Re: [squid-users] NTLM authentication testing

From: Adrian Chadd <adrian@dont-contact.us>
Date: Mon, 18 Feb 2008 22:58:04 +0900

On Mon, Feb 18, 2008, Richard Wall wrote:

> This is something that I'm currently very interested in. I had heard
> that NTLM auth could significantly reduce Squid's throughput but
> haven't seen any figures. I couldn't tell from your message above
> whether you / your customer has already tried deploying Squid / NTLM
> auth in a live environment. If so, I'm really interested to know what
> request rate Squid was able to maintain.

Well, yes, it's going to drop the request rate significantly, but
it should still maintain a couple hundred requests a second.

> I understand from the documentation, that the three-stage NTLM
> authentication negotiation has to be repeated for every new connection
> and that this is the bottleneck. I'd assumed that winbindd was able
> to CACHE the NTLM user credentials, so that subsequent requests would
> not result in network calls to the NTLM authentication server. Is this
> your understanding?

That's basically right - Squid doesn't handle the NTLM itself, it just
passes the blob right through. The helper framework can handle hundreds
of requests a second without too much thought; I'd like to spend some
time figuring out what Samba is doing that's so slow. I thought that winbind
was actually handling the NTLM challenge/response stuff itself and caching
data rather than passing it upstream to the DC for every request.
I haven't yet looked at it, so I can't say for certain that is correct.

> We were considering the possibility of using something like Selenium
> to control the web browser and send requests that way, but some further
> googling suggests that curl may be able to send NTLM Proxy auth
> requests.

Hm, got any URLs for that?

adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Mon Feb 18 2008 - 06:45:12 MST
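
An added example, not part of the original message or of Squid: it identifies the NTLM message type inside a Proxy-Authorization value and compares the handshake cost of a persistent connection with that of a new connection per request. The function names, the constructed traces, and the model of one helper call per client blob are assumptions made for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"  # every NTLM message starts with this

def ntlm_message_type(header_value):
    """Return 1 (negotiate), 2 (challenge) or 3 (authenticate) for an
    'NTLM <base64>' header value, or None if it is not an NTLM message."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    if len(raw) < 12 or not raw.startswith(SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian uint32
    return msg_type if msg_type in (1, 2, 3) else None

def handshake_cost(trace):
    """trace: (connection_id, Proxy-Authorization value or None) per client
    request. Returns (helper_calls, requests_served)."""
    helper_calls, served, authed = 0, 0, set()
    for conn, header in trace:
        mtype = ntlm_message_type(header) if header else None
        if mtype in (1, 3):
            helper_calls += 1          # assumption: one helper call per client blob
            if mtype == 3:
                authed.add(conn)       # assumption: the helper accepts the response
                served += 1            # the type 3 request is the one that gets answered
        elif conn in authed:
            served += 1                # authenticated connection, no new handshake
    return helper_calls, served

def _blob(msg_type):
    # Constructed minimal message: signature + type + empty flags, no payload.
    raw = SIGNATURE + struct.pack("<II", msg_type, 0)
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed traces: ten requests over one persistent connection, versus
# ten requests that each open a new connection.
KEEPALIVE = [("c0", None), ("c0", _blob(1)), ("c0", _blob(3))] + [("c0", None)] * 9
PER_REQUEST = [(f"c{i}", b) for i in range(10) for b in (_blob(1), _blob(3))]

if __name__ == "__main__":
    print("keep-alive :", handshake_cost(KEEPALIVE))
    print("per-request:", handshake_cost(PER_REQUEST))
```
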
