Re: [squid-users] Squid - Http authentication prompts on websites

From: Maarten Claes <[email protected]>
Date: Wed, 22 Mar 2006 15:38:53 +0100

On 3/22/06, Neil A. Hillard <hillardn@whl.co.uk> wrote:
> Maarten,
>
> >>> Hi,
> >>>
> >>> My squid proxy doesn't seem to get a login prompt from a webiste:
> >>> http://www.europanelsoverseas.be/webalizer/ (IIS webserver)
> >>>
> >>> When I did a packet capture on the machine, I saw that, in response to
> >>> the proxy's GET /webalizer HTTP/1.0, the webserver responded
> >>> immediately with 401 HTTP code.
> >>>
> >>> Does anyone know what I'm doing wrong here or what might cause this behaviour?
> >> Yes - the web server is using NTLM authentication. It is fundamentally
> >> broken and does not work through proxies (unless they specifically work
> >> around its brokenness - Squid does not).
> >>
> >> Switch it (or tell the admin to) basic or digest auth. If using basic
> >> auth you may want to use SSL so that the credentials aren't sent in the
> >> clear.
> >
> > Does this mean that the NTLM code is proprieatary and changes alot so
> > squid can't keep up? There's no chance of fixing this on the squid
> > level then?
>
> See http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
>
> NTLM is broken end of story and won't be supported in Squid. You should
> choose a _standard_ authentication protocol, not one M$ dreamt up
> (complete with bugs).
--> OK, I thought it wouldnt work cause of Mikeysofts software (Am I
allowed to call it software?:-) )

Thanks for all your answers!

Maarten.
Received on Wed Mar 22 2006 - 07:39:02 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST