Robert Collins wrote:
> * there is a lot of variation in the needed helper support for each scheme ie some schemes may not use helpers/ some like ntlm need
> very complex helper support/ some need very little like basic & digest.
The basic message format between Squid and the helper could still be the
same, the difference is the amount&type of information passed, and
amount of state kept at both ends..
> * the schemes already register when they are configured. multiple
> helpers & auth schemes will co-exist in what I believe are
> fundamentally different fashions for each scheme - ie
Ok.
The reason why I came to think about this was that a single NT-Domain
helper should be able to quite easily handle both NTLM and Basic (using
NTLM to the domain controller), but it is a quite small benefit and not
very important.
> * backend provided group information (ie in the acl have group names, and then the helper tells us that john is in group
> internet-users.
This and more in that direction I have some old notes on...
http://www.squid-cache.org/mail-archive/squid-dev/199912/0031.html
> * upstream modular auth code - so squid can login into an
> upstream proxy using digest (or _shudder_ ntlm). are important
> features.
And proxying of NTLM authentication. Mainly for those who run
transparent proxies...
> Finally I do think that a semi-standard message format, so we
> can provide helper parsing code in authenicate.c would be a good idea.
True.
/Henrik
Received on Sun Jan 07 2001 - 04:59:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:12 MST