"Amos Jeffries" <[email protected]> wrote in message
news:[email protected]...
On 05/03/11 05:41, Markus Moeller wrote:
Do you have an idea how such a wrapper would work ?
The issue I see is that the wrapper helper must do the same process
management as squid. Which I think is quite some duplication.
Markus
Squid already does the tri-state response handling similarly for Negoatite
and NTLM auth schemes. The blob decoding and response state is entirely up
to the helper.
I think the wrapper just needs to decode the blob and do either NTLM
challenge+validate or Kerberos validate on the result depending on what
detail it gets.
So squid keeps state to which helper instance the NTLM challenge was send
too ?
A flag internally to determine that an NTLM validate is the next state
after challenge will be needed to avoid sending NTLM challenge then
validating the follow-up with Kerberos.
I really don't want to program all of that. I just would like to hand it
over to the existing squid_kerb_auth or ntlm_auth helper after
identification of the blob beeing NTLM or not. But if I hand the token
over squid_kerb_auth or ntlm_auth will get into an endless loop and won't
return to my wrapper.
Does that make sense ?
"Simples", as the rat said to the piper.
Amos
-----Messaggio originale-----
Da: Henrik Nordström
ons 2010-04-07 klockan 20:27 +0100 skrev Markus Moeller:
> Would it make sense to define in squid two new configuration options
> to
> control Negotiate authentication ? I am thinking of adding
>
> Negotiate-NTLM
>
> and
>
> Negotiate-Kerberos
I would prefer a wrapper helper doing this selection.
Regards
Henrik
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
