Re: [squid-users] squid authentication details when using NTLM integrated authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 22 Mar 2005 08:50:58 +0100 (CET)

On Tue, 22 Mar 2005, Brett Lymn wrote:

> We have added websense to the mixture, this also works fine and good mostly
> except for one small thing - when squid passes the authentication details
> to the Websense redirector the '\' character has been encoded as a %5c

yes..

> which I can understand but the Websense people see this as an issue and
> their AD lookups fail because they don't parse on the %5c.

Then they only support Squid-2.5.STABLE4 or earlier. See the release
notes.

The reason to this change is to make sure the redirector protocol does not
break down should there be a login with a space in it's name. See the
patch link below.

> Websense support are claiming that I must have configured something
> incorrectly but, for the life of me, I cannot see anything to configure
> for this. Am I missing something here?

This is not configurable, but you can back out the relevant change from
the source if you like.

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-redirect_login_space

> For the moment I have chained a redirector in front of theirs that rewrites
> the %5c sequence back into a \ character - all works and is happy but it
> annoys me that I need to blow another n processes simply to work around
> what I think is a bug in Websense.

Agreed.

Regards
Henrik
Received on Tue Mar 22 2005 - 00:51:00 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST