Re: [squid-users] 401.2 Authentication Error

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 8 Apr 2004 01:15:45 +0200 (CEST)

On Wed, 7 Apr 2004, Ed Rodgers wrote:

> I think it has something to do with the fact that the site it is
> accessing is an IIS site that allows no anonymous access, and
> uses "integrated windows authentication" as it's only
> authentication.

Then the site must be using https:// to be accessible via proxies.

This is due to a design flaw in the Microsoft NTLMSSP over HTTP
authentication scheme making it incompatible with the HTTP specification.

This "integrated windows authentication" (NTLMSSP or NEGOTIATE over HTTP)
was designed for the sole purpose of authenticating LAN clients to local
servers. Any other use of this authentication scheme is terribly
inappropriate, and can even be dangerous to your personal security.

Regards
Henrik
Received on Wed Apr 07 2004 - 19:22:04 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT