Re: Auth problem

From: Henrik Nordstrom <[email protected]>
Date: Wed, 12 Jan 2000 00:12:20 +0100

Petr Sebor wrote:
>
> Oh my, this is what I was really afraid of. Either from Netscape or Lynx I
> am not able to get there. Lynx even says :
> Alert!: Invalid header 'WWW-Authenticate: NTLM'
>
> Well, obviously you are right, this is a M$ feature...

Ask the site maintainer to enable basic http authentication. (directory
security -> anonymoust -> plain text.. Don't ask me why M$ puts the
configuration setting on what authentication methods to allow under
"anonymous access" of all strange places..). It defaults to being
disabled in MS IIS servers...

Regarding the alert from Lynx: pure bullshit. It is a valid header, it
is only Lynx that does not know what to do with it. The proper action is
to ignore Authenticate headers with unknown protocols, and alert if no
compatible protocol can be found.

Yes, NTLM HTTP Authentication is a MS specific feature to HTTP, and in
spirit of most MS features it does not adhere the guidlines for HTTP
structure.

a) It requires persistent connections end-to-end, while HTTP defines
persistency as a hop-by-hop property.

b) Only the first request on a connection carries authentication
information. The following requests automatically inherits the same
authenticated status. HTTP defines authentication as a
message-by-message property, not per connection.

--
Henrik Nordstrom
Squid hacker
Received on Tue Jan 11 2000 - 22:46:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:19 MST