Re: [SQU] ANNOUNCEMENT: NTLM update

From: Thomas Goebel <thomas@dont-contact.us>
Date: Mon, 13 Nov 2000 10:58:31 +0100

Hello,

if i do a

make clean they start an configure again and again and never stops.

cu

Thomas

Robert Collins wrote:
>
> This is to announce an update to the CVS tree for squid-ntlm.
>
> The new code (like the existing code) is somewhere after alpha and
> before production. YMMV.
>
> Why upgrade?
>
> * Nearly complete authentication rewrite.
> * Full reconfigure support (Prior to this squid does not expire users in
> the user cache according to the new authenticate ttl).
> * Dynamic Authentication scheme support. Squid only offers and accepts
> the authentication scheme that helpers are defined in squid.conf for.
> I.E. if you need Basic support, simply list an authenticate_program.
> * NTLM usernames are logged as domain\user, not domain%5cuser.
> * At a source level authenticate.c now handles nearly all the
> authentication functionality, and acl.c the access controls. This should
> allow easy integration of digest/kerberos etc as acl.c should need
> minimal (if any) changes.
> * generic acl match caching function for acl.c (used by this update)
> * acl match caching for proxy_auth and proxy_auth_regex with
> authenticated users. This means that if you have long proxy_auth or
> proxy_auth_regex acls, repeated requests for a given username (even from
> multiple workstations) will short-circuit the username matching. For
> sites with 1000's of users, or complex regex's this should produce
> substantial CPU savings.
> * user cache garbage collection. (we use more memory with NTLM and also
> with acl match caching.)
> * New config directive authenticate_cache_garbage_interval to tune user
> cache garbage collection.
> * multiplexed ntlm helper requests. fake_auth has been updated, I'm not
> sure whether the NTLMSSP helper will respond 'optimally' to this or not.
> It should work though (I can't test it :-[)
> * IP address movement restrictions affect NTLM and basic authentication
> equally. (shared code now).
> * NTLM authenticated user timeouts & IP timeouts as per basic
> authentication (shared code now).
> * (hopefully) generally cleaner interfaces internally, should be a lot
> easier to add digest et al in the future.
> * removed --enable-basic-authentication and --enable-ntlm-authentication
> configure options. Authentication schemes are now implicitly controlled
> via squid.conf. (By setting a helper for a given scheme).
>
> The helpers themselves have not changed substantially. In particular the
> NTLMSSP helper is still using the same wire-level protocol to the Domain
> Controller. If you have tuned your system to work well now, I suggest
> keeping the same parameters and seeing how it runs.
>
> To update:
> do a cvs update in your source directory
> then autoconf
> then autoheader
> the in your build directory
> make clean
> make
> make install
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Mon Nov 13 2000 - 03:02:40 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:19 MST