Re: I know the Problem with ntlm

From: Thomas Goebel <thomas@dont-contact.us>
Date: Tue, 10 Oct 2000 10:26:25 +0200

Hello,

> Cannot do. What about the case where you have user foo\bar and gazonk\bar
> then? No, the domain part is to remain. Blame Microsoft for such a
> dumb design.

Does this mean I must add X lines for one user, like this:
USERA
usera
UserA
DOMAIN\USER1
domain\user1

What happened in my cache.log file (Robert sent it)? The username was not
displayed correctly.

cu

Thomas

"Chemolli Francesco (USI)" wrote:
>
> > Thomas,
> > can you please cc your replies on this discussion to the list: I
> > am not the only squid-ntlm developer.
> >
> > Having looked into case-sensitivity for usernames, I don't know if
> > ldap/unix systems will allow test and Test to be different usercodes,
> > but in case they do I am not going to make the username check
> > case-insensitive for that reason. What I will do is make sure that the
> > username returned from NTLM is always uppercase.
>
> I can do that at the authenticator level, only with lower case
> (it's just a matter of personal taste, I dislike upper-case).
> If you want, I can make a command-line switch to change the behavior.
> The check against the domain is case-insensitive anyways...
> This is exactly the reason why I implemented the case-insensitive
> switch for http_auth acls. I don't know whether it's in the current
> CVS, if not I can send you a patch.
>
> > The usernames are of the format domain\user because that is the couple
> > used by MS who wrote the spec. (It's not a feature it's what the decode
> > process returns).
>
> I did it for consistency with the Microsoft Proxy behaviour.
> It would be nice however if logged entries weren't URLencoded,
> at least as far as the \ character goes.
>
> > A similar issue exists with domain names where you have www.foo.net or
> > www. Just using www can result in confusion. So just using GOEBELT could
> > be a problem. I.E. what if you have two user domains, and a repeated
> > username across them?
>
> With the current domain code, it shouldn't work at all.
> The domain is _required_.
>
> > What we could do is get the helper to return just the username component
> > (turned on or off with a command switch) - kinkie what do you think? The
> > helper should do it as it is where caching and optimisations are being
> > placed at this point.
>
> Cannot do. What about the case where you have user foo\bar and gazonk\bar
> then? No, the domain part is to remain. Blame Microsoft for such a
> dumb design.
>
> --
> /kinkie, going back to coding NOW.

Received on Tue Oct 10 2000 - 02:33:41 MDT
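
An added illustration of the points raised in this thread (not code from the post, from Squid, or from the NTLM helper): comparing on a case-folded (domain, user) pair lets one list entry cover every spelling of a name, while dropping the domain makes foo\bar and gazonk\bar indistinguishable. The function names are hypothetical, the sample names are constructed, and it assumes Windows-style case-insensitive account names and that a logged name may carry the backslash as %5C.

```python
from collections import defaultdict
from urllib.parse import unquote


def canonical(name, url_encoded=False):
    """Return a case-folded (domain, user) pair for a DOMAIN\\user login.

    url_encoded=True is for names taken from a log where the backslash
    was written as %5C. A name with no domain part is rejected, because
    the thread states the domain is required.
    """
    if url_encoded:
        name = unquote(name)
    domain, sep, user = name.strip().partition("\\")
    if not sep or not domain or not user:
        raise ValueError("expected DOMAIN\\user, got %r" % name)
    return (domain.casefold(), user.casefold())


def is_allowed(login, allowed_entries):
    """Match a login against a list written once per user, in any case."""
    allowed = {canonical(entry) for entry in allowed_entries}
    return canonical(login) in allowed


def stripped_collisions(logins):
    """Bare usernames that would become ambiguous if the domain were dropped."""
    domains_by_user = defaultdict(set)
    for login in logins:
        domain, user = canonical(login)
        domains_by_user[user].add(domain)
    return {u: sorted(d) for u, d in domains_by_user.items() if len(d) > 1}


if __name__ == "__main__":
    # Constructed sample data, not taken from any real log or ACL.
    acl = ["DOMAIN\\user1"]
    for login in ("domain\\user1", "DOMAIN\\USER1", "Domain\\User1"):
        print(login, "->", is_allowed(login, acl))
    print(canonical("DOMAIN%5Cuser1", url_encoded=True))
    print(stripped_collisions(["foo\\bar", "gazonk\\bar", "DOMAIN\\user1"]))
```
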
