On 1/10/2013 8:25 a.m., Ron Wheeler wrote:
Yes
Yes
Nothing?
Er. That should be: "yes. no. upgrade?"
NTLM will only succeed on the *third* attempt. So some 60% of requests
get DENIED. Usually on the pattern that two connections are used - the
first only gets a DENIED then closed, the second gets DENIED then success.
We are continuously improving Squid and there have been many NTLM fixes
since 3.1 series and a few in Kerberos handling as well. So upgrading to
the latest stable will possibly improve things a little bit for the
problems not yet noticed even though the described behaviour is expected.
I think that the problem comes from the fact that the browser has no
idea about what the authentication will be (if any) when it first
makes the request.
Once the server says "Whoa, Why should I let you in?", the browser
knows that it needs to engage in an authentication process.
Exactly so. Good description BTW.
I could be wrong but I am sure that a quick Google will get you a full
description of the process.
Ron
Amos