Re: NTLM question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 21 Aug 2001 08:34:14 +0200

"Chemolli Francesco (USI)" wrote:

> This emerged when Robert and I were attempting to perform
> upstream connection pinning to work around the deficiencies of
> MS's protocol.
> This does NOT depend on Squid. MSIE performs the same when using
> MS's own Proxy product.
>
> Solution? Bitch with the site webmaster or provide workarounds via
> proxy.pac.

Ok. So lets drop the idea of pinning as the usefullnes of if it will go
away by time. But we still have the problem of a web site with NTLM enabled
and older IE browsers or transparent proxies. Here it would be helpful if
Squid at least filtered out NTLM from the offered schemes before replying
to the client as Squid cannot proxy the NTLM authentication if attempted..

We have two options for webserver NTLM auth:

a) Connection pinning

b) Filter out the NTLM scheme before replying to client

I think one of the two should be implemented.

--
Henrik
Received on Tue Aug 21 2001 - 00:34:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:14 MST