On 11/18/2013 10:39 PM, Amos Jeffries wrote: > On 2013-11-19 08:47, Alex Rousskov wrote: >> On 11/18/2013 10:57 AM, Tsantilas Christos wrote: >>> On 11/15/2013 05:11 PM, Amos Jeffries wrote: >>>> in src/auth/ntlm/UserRequest.cc: >>>> >>>> * the YR and KK are lookups codes, not part of the credentials. They >>>> must be first on the helper query line and not manipulable by the >>>> admin. >>>> - same problem in Negotiate as well. >>> >>> >>> If we remove the lookupcodes from credentials then we have to implement >>> one more formating code which will print the type of cretendials. >>> >>> I believe that it is better to keep YR and KK as part or cretendials as >>> prefixes which describe type of cretendials. >> > > This is kind of a non-problem since those codes are only used by > NTLM/Negotiate which are not re-used from the username cache like Basic > is. They are 'cached' by being tied 1:1 to a particular ConnStateData > object and there is no cache key to worry about. The username_cache > entries for NTLM/Negotiate are strictly for cachemgr reporting purposes. >
My question has to do with the request format line, it is not related to caching. However if we completelly remove the %credentials formating code my question does not make any sense.. The patch I posted does not use the credentials as part of the cache key. The default realm uses the request format line except the credentianls as part of cache key.... >> >> I agree, but this point will probably become moot if we delete all >> %credentials code. If I understand Amos request correctly, the patch >> should only append user-configurable fields (no %credentials there!) to >> the internally generated (by the old code!) [type+]credentials buffer. >> > > Yes. > > Amos >
