Hi,
there is a known problem with certain Java applets (http(s) clients) when
using NTLM authentication (see e.g. [1]). In Squid 2 a widely adopted
workaround was to force basic authentication for those clients:
acl javaNtlmFix browser -i java
acl javaConnect method CONNECT
header_access Proxy-Authenticate deny javaNtlmFix javaConnect
header_replace Proxy-Authenticate Basic realm="foo"
I don't get this to work in Squid 3. The 'header_access' option
has been split into {request,reply}_header_access, and 'header_replace'
seems to have been changed to only apply to request headers.
Any ideas? I'm sure I'm missing something. I experimented with a
couple of other options, but without getting the wanted result.
Disabling authentication completely for Java applets isn't feasible
(security policy). I did find a couple of similar reports on the
mailing lists archives, but no solution AFAICT.
We're running squid3-3.0.STABLE19 on SLES10-SP1. We could easily
deploy custom RPMs built from e.g. a newer Squid version if there
is a known solution.
Thanks,
Marco
[1] http://squid-web-proxy-cache.1019090.n4.nabble.com/force-basic-NTLM-auth-for-certain-clients-urls-td1023739.html
