RE: NTLM authentication

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sun, 16 Jul 2000 12:25:10 +1000

RE: NTLM authenticationOk, I'll leave aside the denied logs messages (I'll
put some thought into the safety vs clarity issue).
I've tried reversing the order of Basic and NTLM, and IE 5 (haven't checked
4) still ignores the NTLM line in favour of Basic. I've got a msproxy eval
hanging around somewhere so I'll see what it spits out when it's got both
basic and NTLM authentication turned on.
<guess mode on>
It may be that MSProxy spits out the WWW-Authenticate and
X-Proxy-Authenticate headers.. as MSProxy is an ISAPI extention anway.
</guess mode>
Rob
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
Sent: Wednesday, 12 July 2000 9:10 AM
To: Robert Collins
Cc: squid-dev@squid-cache.org
Subject: Re: NTLM authentication

Robert Collins wrote:
> I modified the code to only present the NTLM line, and voila, it works
> as per the various notes around on sourceforge, and this list.
Ok. The probably have to be reordered the other way around.
> I'm planning on doing some work on this in the near future. I suggest
> that the process should be
>
> check the Agent header, if it contains MSIE (ideally if it matchs a
> particular acl type - say NTLM_agents) present NTLM only, otherwise
> present all known auth lines.
> If the browser won't accept NTLM, fall back to presenting all known auth
> lines.
Shouldn't be needed. It isn't needed for WWW-Authenticate. IIS sends
both if both are enabled.
Received on Sat Jul 15 2000 - 20:20:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:32 MST