It's been a while coming... but Kinkie and I now have
probably-production ready NTLM code. It's gone past 1.5 million requests
without failing. The attached patch is a rollup of many minor fixes and
some enhancements:
* Digest: fix crash on shutdown
* ACL: New type max_user_ip to replace authenticate_ip_is_strict.
* ACL: Authenication refactored, to separate authentication and
authorisation as well as allow 'lazy auth' where authentication is
triggered by the presence of an authentication using ACL, not
necessarily "proxy_auth". I.e. using max_user_ip will trigger
authentication even if no proxy_auth acl's are defined.
* Authentication: API for schemes extended to allow handling duplicate
authentication on a authenticated _connection_ (yes NTLM again).
* Authentication: Authentication API extended to allow multiple IP's per
auth_user, and to allow authentication as an orthogonal process to
authorisation.
* NTLM: many minor races fixed. Should prevent the "Direction before
..." errors and the "Duplicate auth" + login popup bug.
* Delay pools: Support authentication (Non-NTLM)in delay pools acl's.
Beginnings of NTLM support for same.
* Helpers: Stateful helper bugfixes to prevent negative deferred helper
counts (which prevented ntlm challenge refreshing).
* configure: detect two more headers for NTLM compilation on some
platforms.
Rob
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:09 MST