Re: [squid-users] Authentication to Sharepoint not happening

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 02 Feb 2011 00:08:53 +1300

On 01/02/11 23:57, Saurabh Agarwal wrote:
> Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried using http11 with http_port and ignore_expect and it still doesn't work.
>
> I think this is by design in Squid. Following code in "client_side.c" suggests that it will always filter the "WWW-Authenticate" header from HTTP Headers by treating it as unproxyable auth type.
>
> /* Filter unproxyable authentication types */
> if (http->log_type != LOG_TCP_DENIED&&
> (httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE))) {
> HttpHeaderPos pos = HttpHeaderInitPos;
> ....
> ....
> ...code here removes the "WWW-Authenticate" from HTTP Header.

There should be some conditions skipping removal on "must_keepalive" or
"proxy_keepalive" flags in there.

I would expect pinning to be in effect at this point. If not that is a
problem someone might find worth fixing one day. For Negotiate auth type
at minimum.

>
> Also the following link "http://www.visolve.com/squid/Squid_tutorial.php#Authentication_" suggests that Proxy Auth can't work in transparent mode.
>
> Can you please comment on this?

Yes "Proxy-Authenticate:" will not work in transparent mode. There is no
reason why "WWW-Authenticate:" with the origin cannot.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Tue Feb 01 2011 - 11:09:01 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST