@@ -107,13 +107,10 @@ Default: \fI10 minutes\fP
107107.TP
108108.TP
109109\fB gss_program \fP
110- The helper program to use for authenticating SPNEGO-GSS requests. The value is
111- rudimentarily tokenized at whitespaces, so no special characters may be used.
112- (If you need to, write a shell wrapper.) The special value "internal-gss" uses
113- libgssapi directly.
114- The use of Squid's negotiate_wrapper_auth is optional; Gromox can identify
115- whether requests are SPNEGO-NTLMSSP or SPNEGO-Kerberos in the same fashion as
116- negotiate_wrapper_auth does.
110+ The helper program to use for authenticating HTTP requests when
111+ Negotiate-SPNEGO headers are presented. The value is rudimentarily tokenized at
112+ whitespaces, so no special characters may be used. If necessary write your own
113+ wrapper. The special value "internal-gss" uses libgssapi directly.
117114.br
118115Default: \fI internal \- gss \fP
119116.br
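Review bot: The new gss_program paragraph no longer says what happens to NTLM wrapped in SPNEGO, because the removed sentence about Gromox distinguishing SPNEGO-NTLMSSP from SPNEGO-Kerberos has no replacement here. The ntlmssp_program entry in this same change excludes "Negotiate-SPNEGO-NTLM" from that helper, which implies such requests are handled by gss_program; state that explicitly in this paragraph so an administrator knows which helper sees which token type. Minor: "If necessary write your own wrapper." lacks the comma that the identical sentence has under ntlmssp_program.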
@@ -250,13 +247,15 @@ all RPCs. Note the daemon log level needs to be "debug" (6), too.
250247Default: \fI 0 \fP
251248.TP
252249\fB ntlmssp_program \fP
253- Path to samba-winbind ntlm_auth or equivalent program that implements the Squid
254- authentication helper text protocol ("YR, TT, KK, AF"). The value is
255- rudimentarily tokenized at whitespaces, so no special characters may be used.
256- (If you need to, write a shell wrapper.)
257- The use of Squid's negotiate_wrapper_auth is optional; Gromox can identify
258- whether requests are SPNEGO-NTLMSSP or SPNEGO-Kerberos in the same fashion as
259- negotiate_wrapper_auth does.
250+ The helper program to use for authenticating HTTP requests when NTLM or
251+ Negotiate-NTLM (but not Negotiate-SPNEGO-NTLM) headers are presented. The value
252+ is rudimentarily tokenized at whitespaces, so no special characters may be
253+ used. If necessary, write your own wrapper.
254+ .br
255+ Negotiate was meant to carry GSS-API auth data ("Authorization: Negotiate
256+ YII..."). NTLM can be wrapped in SPNEGO (also "YII"), but a handful of clients
257+ may also send raw NTLM tokens (appearing as "Authorization: Negotiate
258+ TlRMTVNT...").
260259.br
261260Default: \fI /usr/bin/ntlm_auth \-\- helper \- protocol=squid \- 2.5 \- ntlmssp \fP
262261.br
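Review bot: The rewritten ntlmssp_program text drops the requirement that the helper implement the Squid authentication helper text protocol ("YR, TT, KK, AF"), while the default still passes the squid-2.5-ntlmssp helper protocol option and the new wording invites administrators to "write your own wrapper". Keep one sentence naming the protocol the helper must speak, otherwise a wrapper author has only the default command line to infer it from. Also, "Negotiate-NTLM" and "Negotiate-SPNEGO-NTLM" are used in the first sentence before the paragraph after the .br explains them; either move that explanation up or tie the terms to the "YII..." and "TlRMTVNT..." prefixes where they are first used.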