Re: [squid-users] Does Squid 2.5.PRE5 support NTLM WWW authentica tion ?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 12 Apr 2002 13:06:54 +0200

Van Bossche Koen wrote:

> So it means Squid cannot be used? Aren't there any alternate solutions to
> handle that?

Neither can MS Proxy if your web server requires NTLM authentication.

The MS NTLM over HTTP authentication sheme is fundamentally flaved, violating
important aspects of HTTP. There cannot be a standard HTTP proxy inbetween
the user and the point where authentication is performed.

As a result of this, newer versions of MS-IE reportedly won't even attemtp to
use MS NTLM authentication to log in to web sites when using a proxy.

This said, in theory it is possible to make a HTTP proxy where proxying of
NTLM authentication will work, but only by adding a quite gross hack specific
for MS NTLM authentication. If there is interest in having this hack
developed for Squid then consider sponsoring one of the Squid developers to
develop the feature/hack.

> If the destination web server would use something different like basic
> authentication, wouldn't it then work?

Ofcourse. Basic HTTP authentication is fully HTTP compliant, and can be
proxied by all HTTP proxies.

Regards
Henrik Nordström
Squid Developer
Received on Fri Apr 12 2002 - 05:07:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:32 MST