On Mon, 2004-11-01 at 01:29, Henrik Nordstrom wrote: > On Sat, 30 Oct 2004, Andrew Bartlett wrote: > > > Actually, now I re-read this, I think know what you you mean: > > > > 0 YR ........ > > 1 YR ...... > > 1 TT ######### > > 1 KK ...... > > > > Is there are 'shutdown' command? > > What you refer to by 'shutdown'? > > There is not yet any explicit command for "authentication session > aborted", it simply resets on the next YR with the same session > identifier. Not sure if this is needed.
This should not be hard to add later. In any case, I've implemented this in Samba4's ntlm_auth, and I'll get it ported to Samba3 at some point. I've also added support for Samba3 winbindd to Samba4's ntlm_auth, so we can use the newer code with the old backend. > Shutdown of the helper is on EOF as before. The only difference is > that the helper should take care to respond to all pending requests before > exiting if reordering is supported by the helper. If reordering is not > supported by the helper then there won't be any pending requests when it > detects EOF so nothing has really changed then on shutdown. So, on EOF on the input, we should look at the outstanding requests (say off at the DC, awaiting a response) and wait for them to complete before shutting down the helper? > This very simple scheme buys two things > > a) For stateful helpers it allows the same helper instance to maintain a > large number of sessions. In case of NTLM it allows the same helper to > have multiple pending challenges. Simply avoiding all those processes will make this a big saving. > b) In all helpers it allows batching of several operations, reducing the > amount of context switching required. So squid could well ask for 4 challenges, one after the other? > c) It (optionally at the helpers discretion) allows for the helper to > respond to the pending queries in any order it likes, allowing the same > helper instance to continue processing queries while waiting for external > lookups such as winbind / DNS / databases / whatever. I'm going to work more on this area, particularly as the single-threaded winbindd goes away. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
