Squid-2.5 bugs to kill

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 10 Aug 2003 21:28:26 +0200

There is now 4 bugs on the list of Squid-2.5 issues classified as
worth to fix during the 2.5 cycle, preferably soonish to have them
included in the upcoming 2.5.STABLE4 release.

All 4 are authentication related issues:

   Bug #267 Form POSTing troubles with NTLM authentication
   [connection management issue.. must not close connection while
browser is sending the request body]

   Bug #592 always/never_direct and NTLM authentication
   Bug #585 cache_peer_access fails with NTLM authentication
   [both work with basic however..]

   Bug #638 assertion failure if proxy_auth used wrongly in
delay_access

Not on this list but still open for discussion is also what to do
about our synthetic NTLM responses to increase the chances that it
does work without risking breaking things for setups where it already
works.

I will look into the first issue (POST issue when using NTLM) as it
boils down to a generic squid issue not really NTLM related, but I
need help with what to do about the other three issues. The
connection oriented auth interactions is mostly magics to me, and I
do not have a NT network to test NTLM intercations in. These issues
quite likely is present in Squid-3 as well from what I can tell.

For Squid-3 I strongly urge that we get rid of the synthetic
challenges allowing Samba to implement the NTLM/NTLMv2 schemes fully,
preferably before Squid-3.0 is released. As long as we do synthetic
magics there will be interoperability problems with different
security level settings, character sets etc. I do not mind if this
involves requiring a thousand helper processes to maintain state
correctly if overlapping helper requests can not be used.

Regards
Henrik
Received on Sun Aug 10 2003 - 13:29:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:27 MST