RE: [squid-users] NTLM helper performance problem

From: Henrik Nordstrom <[email protected]>
Date: Mon, 26 Apr 2004 14:31:47 +0200 (CEST)

On Mon, 26 Apr 2004, SXB6300 Mailing wrote:

> Just another question : do you recommand using challenge reuse or not? Because I was
> thinking of it as a way to limit the communication with the DC...

I don't recommend challenge reuse, but if you have a small number of users
and a very busy DC then it may help some.. For larger setups it in my
opinion just makes the load to random to predict in a reasonable manner.
But you are welcome to give it a try if you like. But you still need a
relatively high number of helpers. There is a lot to improve on to make
challenge reuses really working the way they should.

There is also the issue with a temporary memory leak in reused challenges
(see known issues).

In future challenge reuse will be phased out even further in favor for
full NTLMSSP negotiation alloving proper NTLMv2 and NTLM2 operation where
challenge reuse is not an option.

Note: Until HTTP/1.1 is supported by Squid NTLM performance will be poor
at best due to the nature of NTLM.

Regards
Henrik
Received on Mon Apr 26 2004 - 06:31:50 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT