Hi, Amos
> Um, what is your use-case here?
> * Squid logging into the ICAP server?
> * Performing Basic auth with different realms based on ICAP criteria?
+------+
|server|
+-+----+
|
---+--+---------
|
+----+-----+ +-------------+ +----------+
| squid | <------> | ICAP server | <---> | AD |
+----------+ reqmod +-------------+ auth +----------+
|
---+--+---------
|
+-+----+
|client|
+------+
* The ICAP server has BASIC authentication feature "by itself".
So, ICAP server returns
HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="XXXXX"
* I don't use squid's authentication feature.
I'd like squid to permit the header. Do you understand ?
Sincerely,
--
Mikio Kishi
On Sun, Aug 15, 2010 at 10:40 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> Mikio Kishi wrote:
>>
>> Hi, all
>>
>> If the icap server(reqmod) responses the following,
>>
>> HTTP/1.0 407 Proxy Authentication Required
>> Proxy-Authenticate: Basic realm="XXXXX"
>>
>> squid try to delete the Proxy-Authenticate header ....
>>
>>> client_side_reply.cc
>>> 1218 // if there is not configured a peer proxy with login=PASS
>>> option enabled
>>> 1219 // remove the Proxy-Authenticate header
>>> 1220 if ( !(request->peer_login &&
>>> strcmp(request->peer_login,"PASS") ==0))
>>> 1221 reply->header.delById(HDR_PROXY_AUTHENTICATE);
>>
>> The above codes is that. For your information, squid 3.0 is no problem.
>> What do you think ?
>>
>> Squid version: 3.1.6
>
> Um, what is your use-case here?
> * Squid logging into the ICAP server?
> * Performing Basic auth with different realms based on ICAP criteria?
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.6
> Beta testers wanted for 3.2.0.1
>
