Re: [squid-users] NTLM Authentication and Connection Pinning problem

From: Jeff Foster <jfoste_at_gmail.com>
Date: Tue, 2 Mar 2010 08:01:11 -0600

On Thu, Feb 18, 2010 at 8:06 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> That's what I described as "weird". The server is not obeying that. It
> challenged for every new object requested within link #7 in your trace.

Not sure what you mean by link 7, if you are referring to

GET /styles/dashboard.css

I believe that is the link causing the authentication dialog
popup. The reason you don't see an end to the stream is because
I terminate the trace before re-authenticating.

I have tried to debug the code to see how the client TCP connection
is tied to an upstream connection and can't seem to figure that
out. Please direct me to the code that does that.

I think because the NTLM authentication is TCP connection based
the upstream connections should NOT be used in a pool.
The upstream connection should follow the client connection.
What I mean is that all client traffic on that connection should
use the same upstream connection. And the upstream connection
shouldn't be used for other requests because a non-authenticated
user could access web content they don't have permissions to.

The upstream connection selection would be

  if client_fd pinned
    get upstream_fd and use it
  else
    current selection method but don't use pinned connections

In addition an upstream_fd would be closed when the client_fd
is closed.

Jeff F
Received on Tue Mar 02 2010 - 14:01:19 MST
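
The selection rule sketched in the message above, as a small C++ model added here for illustration; it is not Squid code and not the poster's. The `UpstreamSelector` type, its method names and the fd numbers are assumptions made for the example.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <vector>

// Hypothetical model of the proposed selection rule; fds are plain ints.
struct UpstreamSelector {
    std::map<int, int> pinned;   // client_fd -> upstream_fd
    std::set<int> reserved;      // upstream fds pinned to some client
    std::vector<int> idlePool;   // shared idle upstream fds
    std::set<int> closed;        // upstream fds closed with their client
    int nextFd = 100;            // constructed fd numbers
    // Tie upstream_fd to client_fd, e.g. when an NTLM handshake starts.
    void pin(int client_fd, int upstream_fd) {
        pinned[client_fd] = upstream_fd;
        reserved.insert(upstream_fd);
    }
    int select(int client_fd) {
        auto it = pinned.find(client_fd);
        if (it != pinned.end()) return it->second;  // pinned: same upstream every time
        while (!idlePool.empty()) {                  // otherwise: pool, skipping pinned fds
            int fd = idlePool.back();
            idlePool.pop_back();
            if (!reserved.count(fd) && !closed.count(fd)) return fd;
        }
        return nextFd++;                             // nothing reusable: open a new one
    }
    // Request finished: only unpinned upstream fds go back to the shared pool.
    void release(int upstream_fd) {
        if (!reserved.count(upstream_fd)) idlePool.push_back(upstream_fd);
    }
    // Client went away: close its pinned upstream instead of recycling it.
    void clientClosed(int client_fd) {
        auto it = pinned.find(client_fd);
        if (it == pinned.end()) return;
        closed.insert(it->second);
        reserved.erase(it->second);
        pinned.erase(it);
    }
};

int main() {
    UpstreamSelector s;
    int a = s.select(1);  // client 1 opens upstream 100
    s.pin(1, a);          // authentication is now bound to that pair
    s.release(a);         // request done; the pinned fd must not be pooled
    std::printf("client 2 gets %d, client 1 keeps %d\n", s.select(2), s.select(1));
}
```
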
