Jason Haar wrote:
>
> On Tue, Nov 21, 2000 at 11:14:28AM +0100, Chemolli Francesco (USI) wrote:
> > There is a mod_smb_auth for Apache, but it's broken at the
> > protocol level, I'd be very surprised if it worked.
>
> All the mod_auth_smb-style modules do is provide Basic auth - not NTLM (i.e.
> the "automatic" authentication).
>
> As you say they all suffer from the fact that they are single-process so
> that you end up re-checking the password against the domain controller for
> every page - i.e. NO CACHING.
Later versions of pam_smb (URL is in the Samba docs) do have a cacheing
authentication daemon, but as you say this is BASIC authentication only.
AFAIK it is impossible (by design) to cache NTLM authentication, since
neither the plain-text password nor the password hash go over the air.
Mod-ntlm uses the 'keepalive' option of Apache to avoid authenticating
more than once per TCP/IP connect, and with the keepalive timeout set to
60 seconds that does reduce the workload for active web browsers, at the
cost of more Apache processes.
Dave
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Nov 22 2000 - 01:06:20 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:32 MST