Search squid archive

Re: Squid proxying NTLM authentication servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 27 Sep 2005, Vinod Patel wrote:

        /* code for removing NTLM headers from reply */

I removed the above code and NTLM auth seems to work for me.

No it does not.

If you remove this code the following result will be seen:

  - In light testing as a single user it may appear to work at first
- After more indepth testing you will notice random authentication popups as the first sign of trouble - After more testing with multiple users you will notice the random authentication popups a lot more - And if you look more closely at the web server logs or what permissions is given to each user you will notice that the server "randomly" assings another user to the requests when an authentication popup is not given.

With firefox, it works for both transparent mode as well as proxy mode.

The fact that Firefox works in proxy mode can to a remote extent be argued to be a bug in Firefox not implementing NTLM in the same manner as MSIE.

With IE, it works in transparent mode, but does not work in proxy mode.

As it should. Microsoft is well aware of the problems. See Internet draft draft-jaganathan-kerberos-http-01 for details on what is required to use NTLM and Negotiate over HTTP proxies.

Regards
Henrik

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux