Re: [squid-users] FAQ - 5.13 IE 6.0 SP1 fails when using authentication

From: Henrik Nordstrom <[email protected]>
Date: Thu, 29 Apr 2004 00:43:57 +0200 (CEST)

On Wed, 28 Apr 2004, Karl Kopper wrote:

> I'm running RH 7.3.
>
> I just modified the file in /usr/lib/squid:
>
> # ls -l /usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED
> -rw-r--r-- 1 root root 9028 Apr 26 15:51
> /usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED
> # service squid restart
>
> I still have the problem ?

Well, it was worth a try anyway.

I have very little trust in IE 6.0 when it comes to authentication. This
browser has had way to many authentication related bugs, and in each fix
from Microsoft they seem to manage to break some authentication in some
other manner. What is even more amasing is that they often know they break
things even before they release the bugfix.. (documented).

To summarise the different things which has been reported to make a
difference:

  - Make the error page larger. I don't remember exacly how large it needs
to be but it is a fair bit..

  - The "Use HTTP/1.1 via proxies" option. Some says it works better with
this off, some say it works better with this on. Probably dependent on
what IE 6.0 patches you have applied.

  - NTLM and Basic authentication behaves entirely different, and it is
very likely problems only affect one of the schemes at a time. You may
however find that depending on the IE patch level and configuration it
works eiter with NTLM or Basic so in a sufficiently large population you
are likely to have troublesome ones in whatever approach you take.

  - NTLM requires "client_persistent_connection on". This is an absolute
MUST to use NTLM authentication.

Regards
Henrik
Received on Wed Apr 28 2004 - 16:44:00 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT