RE: [squid-users] Authentication issue through the proxy

From: Scott Wrosch <[email protected]>
Date: Mon, 3 Mar 2003 14:03:36 -0500

Hi Henrik,
 
> You cannot use Microsoft Integrated Login to web servers via Squid (or
> mostly any other Proxy).

Somehow, I figured as much. And it's not just limited to Squid, which
is nice. Makes my argument even more sound for changing anything (it's
never _their_ configuration that's wrong, it's mine that's wrong).

> This does not mean that you cannot use Microsoft Integrated Login to
the
> proxy and plain Basic authentication to the web server.

Oh? Please, do tell. I'm assuming it's done via an ACL, but I was
looking through the squid.conf, and didn't see any option that stuck out
for configuring it like that. But, does this mean that the web server
needs settings changed as well? I get the feeling that they aren't
going to want to change anything on the web server. But, I'll do what I
can, as long as I can still get to that site through Squid.

> See http://www.squid-cache.org/Versions/v2/2.5/bugs/ for an option to
> make web server authentication a bit more stable when using proxies.
> There you can find a patch to Squid which will make Squid remove any
> proposals which is known not to be possible to proxy (Microsoft NTLM
or
> NEGOTIATE authentication).

I'm assuming that patch was incorporated into everything above
2.5-STABLE1, correct? (IE the daily snapshots.) If so, I'm running
2.5.STABLE1-20030225. I tried applying it, and it said that it had
already been applied, so I'm figuring that's the case.

Thanks for the help!

Scott
Received on Mon Mar 03 2003 - 12:04:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:54 MST