Re: [squid-users] Chain NTLM Auth on Squid and on Apache web server

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 17 May 2004 10:46:14 +0200 (CEST)

On Mon, 17 May 2004, CHARREAU Anthony wrote:

> If I try to see a Internet or Intranet website without NTLM auth through Squid, who always auth users with NTLM, it works fine.

This it should.

> So, Apache alone works fine, squid alone works fine, but when I try to chain both, it fails.

You can not proxy NTLM authentication via Squid. Microsoft twisted the
HTTP protocol too far outside the specifications when "designing" their
"NTLMSSP over HTTP" authentication model for this to be possible.

"NTLMSSP over HTTP" is NOT an HTTP authentication scheme. It is a twisted
attempt of making NTLMSSP masquerade itself like a HTTP authentication but
does not fulfill the fundamental message properties of HTTP making it
incompatible with any correct HTTP implementation.

Regards
Henrik
Received on Mon May 17 2004 - 02:46:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT