On Sat, 2004-11-06 at 12:26, Robert Collins wrote: > On Sat, 2004-11-06 at 12:24 +1100, Andrew Bartlett wrote: > > I wish to propose an extension to the NTLM helper/squid protocol, such > > that a squid redirector, or a external ACL helper, may access the list > > of groups. > > > > A new command to ntlm_auth, UG, would request the list of user groups > > from the last authentication. This uses the fact that in NTLM and > > SPNEGO authentication, the authentication produces the group list, that > > should be valid for a particular session. > > It shouldn't be a new command. The cookie should just be returned with > the auth. (Anything else races hugely with overlapped requests).
How so? Squid controls when it asks for a new authentication, it can just do the extra round-trip after getting the AF. For the multiplexed helper, it is just prefixed with the multiplex integer, as for all other requests. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
