Hi Amos,
At 16.55 12/01/2009, Amos Jeffries wrote:
Razvan Grigore wrote:
>> From: Serassio Guido <guido.serassio@xxxxxxxxxxxxxxx>
>> Date: Fri, 24 Jun 2005 09:37:06 +0200
>>
>> Hi,
>>
>> This behaviour is correct by Microsoft NTLM design. When negotiated,
>> NTLM authentication cannot be cached:
>> You are using "use_ntlm_negotiate on", so every Challenge/Response
>> request must be handled from Winbind.
>>
>> When using "use_ntlm_negotiate on", max_challenge_reuses and
>> max_challenge_lifetime are not (and cannot be) used.
>>
>> This is the only stable configuration using NTLM, disabling
>> use_ntlm_negotiate is a worst option.
>>
>> Regards
>>
>> Guido
>>
>
> Hello,
>
> I want to know if this is true.
Very high likelihood of being true. Guido is the author of the NTLM
negotiate code.
Not exactly, I'm the author of all the Windows NTLM and Negotiate
native helpers.
The majority of the Squid NTLM code comes from Kinkie, Robert and Henrik.
About the question, yes, this is the NTLM and Negotiate nature: there
is always a live challenge-response exchange between the client and
the NTLM/Negotiate server.
Please note, starting from Squid 2.6 the NTLM negotiation is hard coded to on.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
