Search squid archive

RE: Authentication to Sharepoint not happening

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Looks like we are making progress. Yeah there is a condition in the code client_side.c that relates to when "WWW-Authenticate" header is being deleted. Condition checks for no_connection_auth flag in the request.

This is the code. It checks if there is no_connection_auth in incoming request then that header is being deleted. I think it relates to pinning connections as you said earlier.

		if (request->flags.no_connection_auth) {
            httpHeaderDelAt(hdr, pos);
            connection_auth_blocked = 1;
            continue;
            }

But in Squid-2.7.Stable7 there is support only for specifying no-connection-auth in http_port directive. In Squid 3.1 we can turn it on|off using connection-auth=[on|off].

How to not set the no_connection_auth flag in Squid-2.7.Stable.7?

Regards,
Saurabh

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Tuesday, February 01, 2011 4:39 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Authentication to Sharepoint not happening

On 01/02/11 23:57, Saurabh Agarwal wrote:
> Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried using http11 with http_port and ignore_expect and it still doesn't work.
>
> I think this is by design in Squid. Following code in "client_side.c" suggests that it will always filter the "WWW-Authenticate" header from HTTP Headers by treating it as unproxyable auth type.
>
>     /* Filter unproxyable authentication types */
>      if (http->log_type != LOG_TCP_DENIED&&
>      (httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE))) {
>      HttpHeaderPos pos = HttpHeaderInitPos;
>      ....
>      ....
>      ...code here removes the "WWW-Authenticate" from HTTP Header.

There should be some conditions skipping removal on "must_keepalive" or 
"proxy_keepalive" flags in there.

I would expect pinning to be in effect at this point. If not that is a 
problem someone might find worth fixing one day. For Negotiate auth type 
at minimum.

>
> Also the following link "http://www.visolve.com/squid/Squid_tutorial.php#Authentication_";  suggests that Proxy Auth can't work in transparent mode.
>
> Can you please comment on this?

Yes "Proxy-Authenticate:" will not work in transparent mode. There is no 
reason why "WWW-Authenticate:" with the origin cannot.


Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux