[squid-users] Re: Why can't Squid 2.5 handle Integrated Authentication while doing proxy chaining

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 16 Sep 2006 11:25:20 +0200

fre 2006-09-15 klockan 13:51 -0700 skrev Fleming Shi:
> Folks,
>
> I know by reading the FAQ and archived messages that putting Squid
> between ISA and users, it will break the Integrated Authentication on
> ISA. And the only way is BASIC scheme on ISA. I'm curious why that
> is?

Because Microsoft ignored the HTTP specifications when they implemented
their NTLM over HTTP authentication mechanism.

> Are there some headers that squid is not passing thru or is this just
> IP layer security issue, client ports etc. Is there anything I can do
> to make this work?

You can upgrade to Squid-2.6 which has a workaround for the protocol
violations introduced by Microsoft.

Regards
Henrik

Received on Sat Sep 16 2006 - 03:25:24 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT