Hi.
I'm using squid for more than 10 years for now.
I wrote a couple of articles about it.
But there are still some basic things about it that I don't understand.
Or, I don't know, some things about proxy authentication.
I know I will look silly, but I still decided to ask.
I decided to ask here, not because I'm sure it's a squid issue (I guess
it's not) but because I think you guys have answered a lot of stupid
questions "why my authentication does'nt work".
So. I imagine I have set up some authentication schemes. Basic, NTLM,
doesn't matter.
Imagine I have mozilla on some UNIX operating system. I launch it, I see
that it's NTLM since it doesn't show the realm (and basic of course
does) then I enter my credentials (I guess it's okay for unix, as
mozilla on windows domain machine doesn't ask for it, so it must be some
issue in NTLM/mozilla/samba or whatever), then it's okay until some
point. But sooner or later Firefox (and Mozilla previously) will reask
about my credentials. This happens a lot on UNIX OSes, and mostly with
Mozilla. This happens though with Chrome, but not that often.
What is it ? How long the credentials do stay in squid's cache ? I know
about 'credentialsttl' for basic scheme, but there's no such option for
NTLM. I've read the RFC 2617 and I dumped the HTTP sessions of client
browsers with my proxy, but I didn't find the answer on a question "why
the authentication popup reappears" - the RFC says nothing about
reasking or keeping the explicit cache. One more question - why the
browser cannot simply and silently resend the authentication, - all the
browsers I've seen show the authentication popup again, so I think this
is some common approach and not the browser developer conspiracy.
Thanks.
Eugene.
