Il 23.31 07/09/2003 Robert Collins ha scritto:
On Mon, 2003-09-08 at 04:03, Serassio Guido wrote:
ntlm caching cannot be used with the windows backend, as you aren't choosing your challenge - it's being supplied.
My impression was correct.
The helper currently don't allow the reuse of a challenge with a sort of two state architecture:
YR => TT with a challenge generated from a fake negotiate packet KK => AF or NA and again YR => TT KK => AF or NA
if a KK is got with an already used challenge, a BH is generated.
It seems that in Squid there is a problem:
I'm using auth_param ntlm max_challenge_reuses 0, but sometimes I get a KK without a YR, the helper sends a BH to squid and Internet Explorer pop-ups for authentication.
Kinkie has a patch in development to supply the negotiate to the helper, and force the squid.conf settings to a compatible level.. will try to find time to review it, so we can move it along.
Very interesting, the helper is ready for the real NEGOTIATE packet.
Regards
Guido
- ======================================================= Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it
