Re: [squid-users] Squid and NTLM passthrough

From: Steffan Corley <scorley@dont-contact.us>
Date: Tue, 16 Jan 2007 17:42:54 +0000

Hi again,

We can't get NTLM passthrough to work in our initial tests. This could
well be a problem with our ISA server set up (it's proved a bit
difficult to get a reliable configuration so far), but I have two concerns:

1. We need NTLM passthrough to pass credentials on to an upstream server
rather than to the end website (i.e. the --proxy-ntlm option in curl).
Is this supported?

2. Are there any compile-time configuration options I will need for this
to work? Do we need to compile any NTLM auth helpers?

Thanks for any help.

Steffan

Henrik Nordstrom wrote:
> mån 2007-01-15 klockan 14:53 +0000 skrev Steffan Corley:
>
>
>> 1. Is NTLM passthrough actually implemented?
>>
>
> Yes.
>
>
>> I can find nothing in the Squid documentation.
>>
>
> Hmm.. thoght we had a blurb about this in the release notes, apparently
> not... I'll make sure there is one for the next release.
>
>
>> Does it do what I would need for this to actually work (i.e. maintain
>> a 1-1 mapping between client connections and connections to the
>> upstream proxy)?
>>
>
> You only need to do stuff if you don't want the feature.. (other than
> upgrading)
>
>
>> 2. Will the cached pages get served to different users without
>> checking whether the upstream ISA server would have blocked them for
>> this user?
>>
>
> If they are cacheable yes, or at least that's the intention. Have not
> verified.
>
>
>> I.e. if user A visits www.dodgy.com and is not blocked by ISA server,
>> will www.dodgy.com be served from the cache to user B regardless of
>> whether the ISA server would have blocked them or not.
>>
>
> Probably, if the page was cacheable.
>
> Regards
> Henrik
>
>
Received on Tue Jan 16 2007 - 10:43:02 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST