Jakob Curdes escreveu:
Troy wrote:This is not a squid problem but a limitation of the NTLM protocol which was not designed to work through a proxy. This protocol needs a direct end-to end connection. I think I remember a discussion how it is possible to circumvent this but to my knowledge no real solution nor a workaround has been proposed.Everything I have read says you have to bypass the proxy to access an NTLM enabled website. I just want to verify this is still the case.One could put it another way round: it is not a good idea to use NTLM on a publicly accessible website, on the one hand because the website will not be accessible from inside many corporate networks, on the other hand because NTLM has a lot of security implications and limitation when run on a publicly accessible server.
We discussed this a few days ago. Basically squid 2.6 and squid 3.0 can do NTLM site authentication just fine. If you cannot authenticate to your NTLM authentication enabled site, just upgrade to squid 2.6 or squid 3.0. There's no need for special configuration regarding NTLM thing ... it simply works.
Yes I do agree that it may not be the smartest idea to use NTLM authentication on a publically available site. But for us, squid admins, simply using squid 2.6/3.0 solves this problem and enables NTLM authentication sites to work properly.
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes@xxxxxxxxxxxxxx My SPAMTRAP, do not email it
<<attachment: smime.p7s>>
