Hello!
Is it correct to say that a response can only have one authenticate in
the headers? That a request containing a WWW-Authenticate cannot have a
Proxy-Authenticate as well?
If I have a site which requires authentication with a given scheme, am I
right to assume that the only way a authenticating proxy between the
site and the user can use authentication is if the authentication tokens
sent by the user are the same for the proxy and the site? Is basic
authentication the only auth system that can be chained in this way?
Lastly, assuming a proxy with no auth, is it now possible to have a
WWW-Authenticate using the NTLM scheme pass though a squid proxy? In the
past I believe the answer is no, but I want to be sure nothing has
changed since.
Thanks for the help in this,
Matt Smith