Re: Fwd:Fw: (SQU) ANNOUNCEMENT: NTLM update

From: Craig Fels <csfels@dont-contact.us>
Date: Mon, 13 Nov 2000 10:42:13 -0600

Robert,

Is there a way to get this new source without using CVS?

Thanks,
Craig

> ----- Original Message -----
> From: Robert Collins <robert.collins@itdomain.com.au>
> To: <squid-users@ircache.net>
> Sent: Sunday, November 12, 2000 4:59 PM
> Subject: [SQU] ANNOUNCEMENT: NTLM update
>
>
> > This is to announce an update to the CVS tree for squid-ntlm.
> >
> > The new code (like the existing code) is somewhere after alpha and
> > before production. YMMV.
> >
> > Why upgrade?
> >
> > * Nearly complete authentication rewrite.
> > * Full reconfigure support (Prior to this squid does not expire users in
> > the user cache according to the new authenticate ttl).
> > * Dynamic Authentication scheme support. Squid only offers and accepts
> > the authentication scheme that helpers are defined in squid.conf for.
> > I.E. if you need Basic support, simply list an authenticate_program.
> > * NTLM usernames are logged as domain\user, not domain%5cuser.
> > * At a source level authenticate.c now handles nearly all the
> > authentication functionality, and acl.c the access controls. This should
> > allow easy integration of digest/kerberos etc as acl.c should need
> > minimal (if any) changes.
> > * generic acl match caching function for acl.c (used by this update)
> > * acl match caching for proxy_auth and proxy_auth_regex with
> > authenticated users. This means that if you have long proxy_auth or
> > proxy_auth_regex acls, repeated requests for a given username (even from
> > multiple workstations) will short-circuit the username matching. For
> > sites with 1000's of users, or complex regex's this should produce
> > substantial CPU savings.
> > * user cache garbage collection. (we use more memory with NTLM and also
> > with acl match caching.)
> > * New config directive authenticate_cache_garbage_interval to tune user
> > cache garbage collection.
> > * multiplexed ntlm helper requests. fake_auth has been updated, I'm not
> > sure whether the NTLMSSP helper will respond 'optimally' to this or not.
> > It should work though (I can't test it :-[)
> > * IP address movement restrictions affect NTLM and basic authentication
> > equally. (shared code now).
> > * NTLM authenticated user timeouts & IP timeouts as per basic
> > authentication (shared code now).
> > * (hopefully) generally cleaner interfaces internally, should be a lot
> > easier to add digest et al in the future.
> > * removed --enable-basic-authentication and --enable-ntlm-authentication
> > configure options. Authentication schemes are now implicitly controlled
> > via squid.conf. (By setting a helper for a given scheme).
> >
> > The helpers themselves have not changed substantially. In particular the
> > NTLMSSP helper is still using the same wire-level protocol to the Domain
> > Controller. If you have tuned your system to work well now, I suggest
> > keeping the same parameters and seeing how it runs.
> >
> > To update:
> > do a cvs update in your source directory
> > then autoconf
> > then autoheader
> > the in your build directory
> > make clean
> > make
> > make install
> >
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
> >
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Mon Nov 13 2000 - 09:45:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:21 MST