lör 2010-03-27 klockan 18:42 +0100 skrev Khaled Blah:
> Hi all,
>
> I'm developing an authentication helper (Negotiate/NTLM) for squid and
> I am trying to understand more how squid handles this process
> internally. Most of all I'd like to know how and how long squid caches
> authentication results. I have looked at the debug logs and they show
> that squid seems to do "less caching" for Negotiate/NTLM than it does
> for Basic/Digest authentication.
Due to the nature of NTLM & Negotate authentication it's the helper
performing the Negotiate/NTLM handshake, and because of this there is no
cache in Squid for these schemes as there is nothing to use as cache
key.
basic & digest auth is handled internally by Squid, and enables Squid to
cache the credentials validity.
In theory we could implement NTLM in similar manner, but it would then
not be possible to integrate with Windows domain controllers / active
directory.
Don't know enough of Kerberos to tell what possibilities there may be to
cache in Negotiate auth.
> I am wondering whether I can do
> something about this so that a once verified user will only get his
> credentials re-verified after a certain time and not all during. I am
> grateful to any insight the list can give me. Thanks in advance!
In 2.7 there is a generic auth cache based on source IP, useful when the
clients are single-user workstations.
Regards
Henrik
Received on Sat Apr 03 2010 - 21:42:35 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 05 2010 - 12:00:03 MDT