mån 2006-02-27 klockan 12:03 +0000 skrev Paul Mattingly: > squidhp# ./ntlm_auth --helper-protocol=squid-2.5-ntlmssp > squid\administrator password > [2006/02/01 10:23:18, 1] > utils/ntlm_auth.c:manage_squid_ntlmssp_request(578) > BH > > Above is an example of testing the ntlm_auth program. I never got this > to work properly by hand, but squid seems happy with it! It's an error > that doesn't need fixing.
Not an error. You can't test NTLMSSP by hand as it requires proper NTLMSSP packets as input/output and only computers know how to speak NTLMSSP... If you have a NTLMSSP demonstration program capable of acting as a client then you can copy-paste the NTLMSSP exchanges between this and the helper to verify the functionality with just a little glue around it detailed at http://devel.squid-cache.org/ntlm/. I think there is one such example program in the Windows SDK or at least around MSDN somewhere.. but it was many years since I did any Windows development.. You can test the basic scheme by hand just fine. # ./ntlm_auth --helper-protocol=squid-2.5-basic squid\administrator password OK|ERR > auth_param ntlm program /usr/local/samba/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 3 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > auth_param ntlm use_ntlm_negotiate on most people also configure support for basic authentication as not all clients supports ntlm. It is important you have the ntlm related auth_param directives before basic however as MSIE is a bit simpleminded and simply uses the first scheme found, not the strongest as it should.. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
