Re: [squid-users] WWW-Authenticate header

From: Mike Bordignon \(GMI\) <mike_at_gmi.co.nz>
Date: Wed, 15 Jun 2011 08:48:31 +1200

On 14/06/2011 6:32 p.m., Amos Jeffries wrote:
> Not another one. Good luck.
>
> If you have any influence or contact with the devs of that app please
> help educate them of the safety issues involved with sending users
> internal machine logins out over the global Internet. And HTTPS is no
> longer a guarantee of protection.
>
>

I do have access to the devs, but access won't be over the Internet -
it'll be over a LAN. No problem there.

>> replies with a WWW-Authenticate header. Squid doesn't appear to be
>> passing through the Authentication headers to the browser.
>
> Indicating that Squid has detected the TCP links involved do not
> support that type of auth.

I've since used Wireshark and it appears I am receiving WWW-Authenticate
headers. Somewhat confused now.

>
> pipeline_prefetch is one feature which NTLM auth will break. Make sure
> that is turned OFF manually.
>
> HTTP/1.0 persistent connections is another. Make sure
> client_persistent_connections is turned ON manually in 3.1 series.
> Make sure that server_persistent_connections is REMOVED from your
> config in 3.1 series, and manually turned ON in 3.0 and earlier.
>
>
> After that its cross fingers and hope. If you find anything strange
> still going on, please mention it.
>
> When you encounter a problem the first thing asked will be to verify
> it on the latest release. It speeds up the fix a bit if that is where
> its found.

Thanks, I will keep that in mind. I've made the other config changes you
suggest but still I get prompted for a password by my browser, I enter
the correct password and again I get the prompt (via Firefox). IE is
working, however?!
Received on Tue Jun 14 2011 - 20:48:41 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 15 2011 - 12:00:03 MDT