hehe. yep i mean basic. sorry.
ta for tcpdump.
interesting idea. i might put basic first and see if IE takes the best
option, not the last option in the list (if it makes a diference that is)
and then see if adobe takes the basic option. then i'll be set.
i'll follow it up with adobe anyway. what's a pain is i probably have to go
and find the license numbers and reg info just to log a bug. <sigh> these
closed source companies, i ask you.
thanks
Matt
-----Original Message-----
From: Robert Collins [mailto:robertc@squid-cache.org]
Sent: Friday, 11 July 2003 11:55 AM
To: mwestern@sola.com.au
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] ACL Regex Browser - for Adobe Web capture?
On Fri, 2003-07-11 at 12:03, mwestern@sola.com.au wrote:
> Hi Robert,
>
> >you can simply allow adobe based on a browser regex before your auth
> >triggering http_access lines.
>
> that's what i'm hoping to do to get around this problem. have you managed
> to do this? i've not experimented yet as i didn't know what adobe tells
> squid what browser it is. i'm going to tcpdump eventually and see if i
can
> figure it out.
Yup. tcpdump -s 1500 -X port 8080 host <srcip you are testing from>
that should do it for you.
> >As far as the adobe tool working with plain, not when NTLM is enabled,
> >that smells like a bug - RFC 2617 specifies that user agents should
> >select the -best supported- auth scheme offered by the proxy - and as
> >you have plain enabled, adobe should select that and use it.
>
> just plain works with adobe. ntlm doesn't. and ntlm first and plain
second
> doesn't. sad that.
Uhm 'plain'? I presume you are referring to 'basic' - there is no such
scheme as plain.
> i'm guessing that adobe is selecting the best supported one which is ntlm
> and failing because it doesn't like it. it's version 5 of pdf which isn't
> the latest (6 is out).
Thats the point - if it doesn't like NTLM, it shouldn't select it
according to the RFC. This is grounds for a bug report to the vendor -
adobe- IMO. I was giving you the description, to help you make the case
to them :}.
Anecdotally MSIE has(perhaps had - I haven't tested for a while) a bug
that it always chooses the first offered scheme, even if it is less
secure than others in the list.
Rob
-- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.Received on Thu Jul 10 2003 - 20:31:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:56 MST