On Fri, 2006-09-01 at 09:58 -0400, Nick Duda wrote:
> I've read about the issues with NTLM passthrough on squid.
Those should be pretty much an issue of the past now with the release of
Squid-2.6 with support for NTLM passthrough. If you still have problems
with 2.6.STABLE3 please file a bug report.
An alternative which is recommended and works for all proxies is to have
the web site use https on authenticated content. https is tunneled via
the proxy, not proxied, and therefore works fine even with
non-HTTP-compliant authentication such as NTLM.
> Is there any
> way a client can be configured to use squid for its cached content (like
> images) but go directly to a server for NTLM (nt auth)?
Only by URL-based exclusions.
> I understand squid has an issue with this, as I've tried to get this to
> work once and was even told by some of you very smart people that i was
> beating a dead horse because Microsoft cant write ntml properly :)
Microsoft knows NTLM reasonably well.. it's HTTP they don't understand..
> Can
> squid be configured in a way that serves up images and such from this
> server but does the nt auth not going through squid?
Only if
a) These images can be identified by URL.
and
b) Access to these images does not require authentication.
For 'a' use a pac file which gives your detailed control of what URLs to
proxy or not..
But as I said above: With Squid-2.6 it should just work.
Regards
Henrik
Received on Fri Sep 01 2006 - 08:52:49 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT