Hi,
I tried to implement the IP based NTLM authentification cache patch. But
when i rebuild my squid, it doesn't apply it. Apparently, the patch try
to modify authentificate.c which doesn't exist. I only have
authentificate.cc which is really different.
Fred
Henrik Nordstrom wrote:
tis 2009-07-21 klockan 14:18 +0200 skrev Frederic THOMAS:
On previous version we could use following settings (ntlm parameters on
2.5 squid and i noticed they didnt exists after 2.6) :
"max_challenge_reuses" number
"max_challenge_lifetime" timespan
These settings were removed as the technique is both fragile and
completely incompatible with NTLMv2.
What similar option on squid 3 can be used to reduce authentication
traffic ? Is there any solution to avoid an authentification request to
each connection and have a possibility to reuse a token id ?
You can try enable Negotiate authentication. Uses much less 407
handshakes.
Or see into having the IP based authentication cache forward-ported to
Squid-3.
Or better yet, see too having Squid updated to support HTTP/1.1,
enabling the use of chunked encoding squid->client, which drastically
reduces the amount of new connections seen.
Regards
Henrik
