On Tue, 16 Mar 2004, Rodrigo Royo, Diego wrote:
> We are using squid.2.5.STABLE5 pached + samba.3.0.2 to support NTLM
> authentication. It works fine, but we have noticed a lot of traffic due
> to TCP_DENIED 407 when using https (port 443), each requests take about
> 1.7 kBytes, is possible to reduce this?
This is normal and part of how NTLM operates due to a design flaw in the
Microsoft NTLM over HTTP authentication scheme (the same issue also shared
by their newer Negotiate/Kerberos over HTTP scheme... yuck)
For each new TCP connection there is two TCP_DENIED messages while Squid
and the browser negotiates the NTLM authentication.
Reason: Microsoft designing a connection oriented authentication scheme
ontop of HTTP instead of following the HTTP standard which requires
message based authentication.
Regards
Henrik
Received on Tue Mar 16 2004 - 10:35:01 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST