On Mon, Feb 18, 2008, Richard Wall wrote:

> This is something that I'm currently very interested in. I had heard
> that NTLM auth could significantly reduce Squid's throughput but
> haven't seen any figures. I couldn't tell from your message above
> whether you / your customer has already tried deploying Squid / NTLM
> auth in a live environment. If so, I'm really interested to know what
> request rate Squid was able to maintain.

Well, yes, it's going to drop the request rate significantly, but it should still maintain a couple hundred requests a second.

> I understand from the documentation, that the three stage NTLM
> authentication negotiation has to be repeated for every new connection
> and that this is the bottleneck. I'd assumed that winbindd was able
> to CACHE the NTLM user credentials, so that subsequent requests would
> not result in network calls to the NTLM authentication server. Is this
> your understanding?

That's basically right - Squid doesn't handle the NTLM itself, it just passes the blob right through. The helper framework can handle hundreds of requests a second without too much thought; I'd like to spend some time figuring out what Samba is doing that's so slow. I thought that winbind was actually handling the NTLM challenge/response stuff itself and caching data rather than passing it upstream to the DC for every request. I haven't yet looked at it, so I can't say for certain that is correct.

> We were considering the possibility of using something like Selenium
> to control the web browser and send requests that way, but some further
> googling suggests that curl may be able to send NTLM Proxy auth
> requests.

Hm, got any URLs for that?

adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -