The downstream proxy authenticates the users (with SPNEGO for example). The downstream proxy sends the Proxy-Authorization token with only the username in it. But the Squid will send the request to Symantec Messagelabs, but it can't create the right X-saucer and X-teacup headers, if the user is authenticated only with username, but expects domain\username in the Proxy-Authorization field. Thanks, Attila On Wed, Aug 28, 2013 at 7:01 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > What you think of as "domainname\" is part of the user login credentials as > far as Basic is concerned and needs to be sent by the downstream proxy.
