On 3/22/06, Neil A. Hillard <hillardn@xxxxxxxxx> wrote: > Maarten, > > >>> Hi, > >>> > >>> My squid proxy doesn't seem to get a login prompt from a webiste: > >>> http://www.europanelsoverseas.be/webalizer/ (IIS webserver) > >>> > >>> When I did a packet capture on the machine, I saw that, in response to > >>> the proxy's GET /webalizer HTTP/1.0, the webserver responded > >>> immediately with 401 HTTP code. > >>> > >>> Does anyone know what I'm doing wrong here or what might cause this behaviour? > >> Yes - the web server is using NTLM authentication. It is fundamentally > >> broken and does not work through proxies (unless they specifically work > >> around its brokenness - Squid does not). > >> > >> Switch it (or tell the admin to) basic or digest auth. If using basic > >> auth you may want to use SSL so that the credentials aren't sent in the > >> clear. > > > > Does this mean that the NTLM code is proprieatary and changes alot so > > squid can't keep up? There's no chance of fixing this on the squid > > level then? > > See http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14 > > NTLM is broken end of story and won't be supported in Squid. You should > choose a _standard_ authentication protocol, not one M$ dreamt up > (complete with bugs). --> OK, I thought it wouldnt work cause of Mikeysofts software (Am I allowed to call it software?:-) ) Thanks for all your answers! Maarten.
