> >> in the first case (HTTP and GET) the client (javaws) sends a
> >> "Keep-alive: 300, Connection: keep-alive", in the second case (HTTPS and
> >> CONNECT) no keep-alive is sent and so the NTLM-Auth fails.
> >
> > keep-alive is needed for NTLM. Without keep-alive only Basic or Digest
> > can be used.
> >
> >> can someone help us in finding the error? is it something with java or
> >> javaws (sun says, that starting with java 1.4 ntlm and https should
> >> work).
> >
> > It's a java JRE issue most likely.
>

so seems that we have no chance to find a workaround.

one (minor) problem is, that we have written the acls in that way, that squid will try NTLM Auth and makes no fall back to ntlm via basic auth. this way we prevent that users will have many auth dialogs when they only are allowed to access "open" websites. that also includes ad banners on "open" sites...

so this means, that if NTLM auth failed no basic auth is done. basic auth only comes up if the client does not support NTLM.

it works with HTTP but not with HTTPS. so it really seems to be an issue with Java. the faqs say that it (should) work with java 1.4.2 and up...

seems that we have no real chance to solve this... maybe we can "open" jnlp-urls, so that no auth is required... but this looks like a cheap trick...

markus