Ok, first:
as I said with only 1 authenticator all was reported to be fine.
I saw some (few) failures in the log though (same type as before).
This time up to 13 requests in a row succeeded but sometimes less. Again,
never the first auth request after a connect failed. After starting squid,
no error occured for 60 minutes, then one error every 40 minutes (+/- 2
minute variation).. This doesn't look too random. Ok, admitted, I had
raised the challenge time period, I'll now lower it to the default (even
below, I'll take 15 minutes). I'll see in my other logs if this could
allow for the errors in my previous 10 client config. However, i got the
errors in the default config. this was my first try. I also cannot
remember ever having seen a challenge refresh in the logs though. Maybe
this is broken?
In the meantime, I made the attached hack to the ntlm_authenticator to
force a new challenge/connection every time. From a cryptographic approach
(my, a mathematicians, view) I think it is very odd to use the same
challenge for many users. From the logs it seems a challenge needs <1s and
should be ok IMHO (ntlm auth seems slow at the beginning anyway). Would be
nicer to provide the challenge befor waiting for a new request though (too
difficult for me now). Also I fear it could expire on an idle squid.
Works right now, but I'll have it tested under stress tomorrow.
Michael.
-- Michael Weller: eowmob@exp-math.uni-essen.de, eowmob@ms.exp-math.uni-essen.de, or even mat42b@spi.power.uni-essen.de. If you encounter an eowmob account on any machine in the net, it's very likely it's me. -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Oct 26 2000 - 16:41:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:59 MST