Re: [squid-users] Not authorized to view page

From: Henrik Nordstrom <[email protected]>
Date: Fri, 7 Jan 2005 11:05:46 +0100 (CET)

On Fri, 7 Jan 2005, Kinkie wrote:

> That site is likely using NTLM authentication (or "windows integrated
> authentication". That authentication doesn't work across proxies by
> design (this not entirely true, it MIGHT be proxable but the details are
> not known).

Microsoft has documented the details on how they violate the HTTP protocol
and how proxies can detect this and work around their damage in an
unofficial Internet-Draft draft-brezak-kerberos-http-00.txt section "7.
Security Considerations". But it depends on both browser and server
versions to make it work. In addition this is not (yet) implemented in
Squid due to the rather fargoing changes required to support the HTTP
violations required.

> That authentication system is DEPRECATED by Microsoft for Internet
> usage, so I think that the best option is to contact the site
> administrator and ask him to user a saner authentication system.

True.

Regards
Henrik
Received on Fri Jan 07 2005 - 03:05:48 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST