On 11/03/11 20:40, Stranger Stranger wrote:
It means NTLM authentication. I want to forward domain user name and password to bluecoat over squid. I want to use squid only caching.Authentication will be on bluecoat.
Squid cannot support NTLM like this. The closest we can get is performing Negotiate auth on the link between Squid and the BC. Which uses the Squid box credentials, not the clients.
The squid-3.2 "login=PASSTHRU" option was added for a scenario like yours to relay auth headers unchanged to the other proxy. This makes Squid act for Proxy-auth the same way it would for WWW-auth (ignore and dumb-relay). It will fail if Squid is doing anything to participate in the auth transfer. ie even the fake NTLM helper for logging breaks it.
Disclaimer: 3.2.0.5 has a bug which crashes NTLM. Fix underway. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5
