There is now 4 bugs on the list of Squid-2.5 issues classified as worth to fix during the 2.5 cycle, preferably soonish to have them included in the upcoming 2.5.STABLE4 release.
All 4 are authentication related issues: Bug #267 Form POSTing troubles with NTLM authentication [connection management issue.. must not close connection while browser is sending the request body] Bug #592 always/never_direct and NTLM authentication Bug #585 cache_peer_access fails with NTLM authentication [both work with basic however..] Bug #638 assertion failure if proxy_auth used wrongly in delay_access Not on this list but still open for discussion is also what to do about our synthetic NTLM responses to increase the chances that it does work without risking breaking things for setups where it already works. I will look into the first issue (POST issue when using NTLM) as it boils down to a generic squid issue not really NTLM related, but I need help with what to do about the other three issues. The connection oriented auth interactions is mostly magics to me, and I do not have a NT network to test NTLM intercations in. These issues quite likely is present in Squid-3 as well from what I can tell. For Squid-3 I strongly urge that we get rid of the synthetic challenges allowing Samba to implement the NTLM/NTLMv2 schemes fully, preferably before Squid-3.0 is released. As long as we do synthetic magics there will be interoperability problems with different security level settings, character sets etc. I do not mind if this involves requiring a thousand helper processes to maintain state correctly if overlapping helper requests can not be used. Regards Henrik
