Re: New Auth configuration options

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sat, 5 Mar 2011 11:46:49 -0000

"Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
news:4D718401.6050404_at_treenet.co.nz...
> On 05/03/11 05:41, Markus Moeller wrote:
>> Do you have an idea how such a wrapper would work ?
>>
>> The issue I see is that the wrapper helper must do the same process
>> management as squid. Which I think is quite some duplication.
>>
>> Markus
>>
>
> Squid already does the tri-state response handling similarly for Negotiate
> and NTLM auth schemes. The blob decoding and response state is entirely up
> to the helper.
>
> I think the wrapper just needs to decode the blob and do either NTLM
> challenge+validate or Kerberos validate on the result depending on what
> detail it gets.
>

So squid keeps state to which helper instance the NTLM challenge was sent
to ?

> A flag internally to determine that an NTLM validate is the next state
> after challenge will be needed to avoid sending NTLM challenge then
> validating the follow-up with Kerberos.
>

I really don't want to program all of that. I just would like to hand it
over to the existing squid_kerb_auth or ntlm_auth helper after
identification of the blob being NTLM or not. But if I hand the token
over, squid_kerb_auth or ntlm_auth will get into an endless loop and won't
return to my wrapper.

Does that make sense ?

> "Simples", as the rat said to the piper.
>
> Amos
>
>
>>> -----Original Message-----
>>> From: Henrik Nordström
>>>
>>> Wed 2010-04-07 at 20:27 +0100, Markus Moeller wrote:
>>>
>>> > Would it make sense to define in squid two new configuration options
>>> > to
>>> > control Negotiate authentication ? I am thinking of adding
>>> >
>>> > Negotiate-NTLM
>>> >
>>> > and
>>> >
>>> > Negotiate-Kerberos
>>>
>>> I would prefer a wrapper helper doing this selection.
>>>
>>> Regards
>>> Henrik
>>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.11
> Beta testers wanted for 3.2.0.5
>
Received on Sat Mar 05 2011 - 11:47:28 MST
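
The blob identification step discussed in this thread, as an added example that is not part of the original message and not Squid's own code. It assumes the helper request line is "YR <base64>" or "KK <base64>"; the name route() and the rule that an SPNEGO token with no embedded NTLMSSP message goes to Kerberos are assumptions made for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"                            # start of every NTLM message
OID_SPNEGO = bytes.fromhex("06062b0601050502")       # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")   # 1.2.840.113554.1.2.2

def der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, offset after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if not 1 <= n <= 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def route(line):
    """Map one request line to 'ntlm', 'kerberos' or 'invalid' (hypothetical helper)."""
    try:
        cmd, b64 = line.split()
        tok = base64.b64decode(b64, validate=True)
    except ValueError:                    # wrong field count or bad base64
        return "invalid"
    if cmd not in ("YR", "KK"):           # assumed request keywords
        return "invalid"
    if tok.startswith(NTLM_SIG):          # raw NTLM, no GSS-API framing
        if len(tok) < 12:
            return "invalid"
        msg_type = struct.unpack_from("<I", tok, 8)[0]
        # 1 = negotiate, 3 = authenticate; type 2 is the server's challenge
        return "ntlm" if msg_type in (1, 3) else "invalid"
    if tok[:1] == b"\x60":                # GSS-API initial context token
        try:
            _, pos = der_len(tok, 1)
        except (ValueError, IndexError):
            return "invalid"
        if tok.startswith(OID_KRB5, pos):
            return "kerberos"
        if tok.startswith(OID_SPNEGO, pos):
            # SPNEGO wraps the real mechanism token; an embedded NTLMSSP
            # message means the client chose NTLM (heuristic, not a full parse).
            return "ntlm" if NTLM_SIG in tok else "kerberos"
    return "invalid"
```

Because a raw NTLM authenticate message (type 3) still begins with the NTLMSSP signature, the follow-up to a challenge is routed to the NTLM side from the token alone; which helper instance issued the challenge still has to be tracked by the caller.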
