Hi All,
I am trying to use Squid as an accelerating proxy server to a web server
that is authenticating clients via NTLM. This is on an intranet. I
*know* the limitations of NTLM, and I *know* it is a crap protocol and
breaks standards etc. but it is what we are stuck with on this intranet
:(
Looking through the archives I see lots of posts saying that Squid (and
other proxies) cannot proxy NTLM. Why is this? I understand the
keepalive requirements of NTLM and I thought that squid honoured
keepalives with both the client and the server?
Or, put another way, we sucessfully proxy NTLM with apache 2.0 and
mod_proxy to a backend server, so I know it is technically feasible. The
issue is that squid is much better at proxying than apache, so we would
really like to use that.
From my initial tests it looks like squid (2.5-stable9) seems to be
actively removing the WWW-Authenticate header on the way from the backend
server to the client. I do not have any of the anonymiser features
enabled in Squid, so it should not be mangling any headers.
Any ideas?
-Matt
-- Matt Hamilton matth@netsight.co.uk Netsight Internet Solutions, Ltd. Business Vision on the Internet http://www.netsight.co.uk +44 (0)117 9090901 Web Design | Zope/Plone Development and Consulting | Co-location | HostingReceived on Fri Mar 04 2005 - 07:39:04 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:01 MST