I wanted to be able to transparently proxy Windows Integrated Authentication. I made a small change to squid that seems to let it
work. I altered the hash key used for the persistent server connection list so it includes the IP and port of the client, as well as
the host name and port of the origin server. So when a lookup is done for an idle file descriptor to use to connect to an origin
server, only a FD that has previously been used for a connection from the same client port will be used. Before I made this change,
in my test setup using IIS with Integrated Windows Authentication, I was getting multiple popups while trying to use Outlook Web
Access and also my test web server. After making the change, I got only one popup per session as hoped.
I don't understand why this seems to work, as the documentation, including from Microsoft says that the authentication method
requires end-to-end HTTP state, and this change is not sufficient to guarantee that. Perhaps others could try this and report on
what they find. Contact me directly for the source code I used.
Gary Price
Intelligent Compression Technologies
Received on Sat Mar 01 2003 - 20:49:22 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:53 MST