Re: [squid-users] Problem with AUTH

From: Henrik Nordstrom <[email protected]>
Date: Wed, 21 Nov 2007 21:44:21 +0100

On tis, 2007-11-20 at 23:00 +0100, Ralf Hildebrandt wrote:
> * Henrik Nordstrom <henrik@henriknordstrom.net>:
> > On tis, 2007-11-20 at 13:41 +0100, Ralf Hildebrandt wrote:
> >
> > > Why would the request be DENIED and ALLOWED at the same time?
> >
> > It's not. only denied.
>
> OK
>
> > But the access denied response is allowed. admittedly with a slightly
> > odd debug message...
>
> Meaning: The request is denied, but at least one gets a proper "Access
> denied"-page back?

Yes.

But I stand corrected. You also had request allowed, which isn't too
strange. Authentication uses a number of message exchanges where the
first until the client has successfully provided correct credentials is
denial responses. Thats why you have series of

request denied
response allowed

request denied
response allowed

request allowed
response allowed

When using NTLM this is all natural as NTLM requires at least two
exchanges per new connection.

For the other schemes you should see less of this. In basic practially
none except one or two initially, in digest very few every now and then,
and in negotiate practically none as well..

Regards
Henrik

Received on Wed Nov 21 2007 - 13:44:29 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST