Troy wrote:
Everything I have read says you have to bypass the
proxy to access an NTLM enabled website. I just want to verify
this is still the case.
This is not a squid problem but a limitation of the NTLM protocol which
was not designed to work through a proxy.
This protocol needs a direct end-to end connection. I think I remember a
discussion how it is possible to circumvent this but to my knowledge no
real solution nor a workaround has been proposed.
One could put it another way round: it is not a good idea to use NTLM on
a publicly accessible website, on the one hand because the website will
not be accessible from inside many corporate networks, on the other hand
because NTLM has a lot of security implications and limitation when run
on a publicly accessible server.
Yours,
Jakob Curdes
