On Fri, 2006-09-01 at 09:58 -0400, Nick Duda wrote: > I've read about the issues with NTLM passthrough on squid. Those should be pretty much an issue of the past now with the release of Squid-2.6 with support for NTLM passthrough. If you still have problems with 2.6.STABLE3 please file a bug report. An alternative which is recommended and works for all proxies is to have the web site use https on authenticated content. https is tunneled via the proxy, not proxied, and therefore works fine even with non-HTTP-compliant authentication such as NTLM. > Is there any > way a client can be configured to use squid for its cached content (like > images) but go directly to a server for NTLM (nt auth)? Only by URL-based exclusions. > I understand squid has an issue with this, as I've tried to get this to > work once and was even told by some of you very smart people that i was > beating a dead horse because Microsoft cant write ntml properly :) Microsoft knows NTLM reasonably well.. it's HTTP they don't understand.. > Can > squid be configured in a way that serves up images and such from this > server but does the nt auth not going through squid? Only if a) These images can be identified by URL. and b) Access to these images does not require authentication. For 'a' use a pac file which gives your detailed control of what URLs to proxy or not.. But as I said above: With Squid-2.6 it should just work. Regards Henrik
