Hi,
Please do not remove that code. NTLM is seriously broken and makes
incorrect assumptions. As
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14 states:
> Windows NT Challenge/Response authentication requires implicit
> end-to-end state and will not work through a proxy server.
Therefore the check should be left in. If you are responsible for the
service you should look at https + Basic Auth, otherwise you should
convince the host of the site to do that.
HTH,
Neil.
Vinod Patel wrote:
> Hi,
> I read the squid FAQs and it says that
> " We cannot proxy connections to a origin server that use NTLM
> authentication".
>
> I am using squid-2.5-STABLE2.
>
> I removed the following code in file client_side.c,
> routine: clientBuildReplyHeaders,
>
> /* Filter unproxyable authentication types */
> if (http->log_type != LOG_TCP_DENIED &&
>     (httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE)
>      || httpHeaderHas(hdr, HDR_PROXY_AUTHENTICATE))) {
>
>     /* code for removing NTLM headers from reply */
> }
>
> I removed the above code and NTLM auth seems to work for me.
> With Firefox, it works for both transparent mode as well as proxy mode.
> With IE, it works in transparent mode, but does not work in proxy mode.
>
> I don't think this could be that simple???
> Please guide me further in right direction.
>
> Rgds,
> Vinod Patel
-- 
Neil Hillard hillardn@whl.co.uk
Westland Helicopters Ltd. http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.

Received on Tue Sep 27 2005 - 08:29:51 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT
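
The kind of reply filtering discussed in this thread, as an added example that is not part of the original messages and is not Squid's own code: it drops NTLM challenges from `WWW-Authenticate` / `Proxy-Authenticate` reply headers while leaving proxyable schemes such as Basic in place. The names `hdr_entry`, `ci_token`, `is_ntlm_challenge`, `filter_unproxyable_auth` and `proxy_denied` are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
/* Hypothetical header entry; Squid's own HttpHeader types are not used. */
struct hdr_entry { const char *name; const char *value; };

/* Length of token if s starts with it (case-insensitive), else 0. */
static size_t ci_token(const char *s, const char *token)
{
    size_t i = 0;
    for (; token[i]; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)token[i]))
            return 0;
    return i;
}

/* True for "NTLM" or "NTLM <blob>", not for another scheme such as "NTLMx". */
static int is_ntlm_challenge(const char *v)
{
    size_t k = ci_token(v, "NTLM");
    return k && (v[k] == '\0' || v[k] == ' ');
}

/* Drop NTLM challenges in place and return the new entry count. Replies the
 * proxy denied itself are untouched (cf. log_type != LOG_TCP_DENIED above). */
size_t filter_unproxyable_auth(struct hdr_entry *h, size_t n, int proxy_denied)
{
    size_t keep = 0;
    if (proxy_denied) return n;
    for (size_t i = 0; i < n; i++) {
        size_t w = ci_token(h[i].name, "WWW-Authenticate");
        size_t p = ci_token(h[i].name, "Proxy-Authenticate");
        int is_auth = (w && !h[i].name[w]) || (p && !h[i].name[p]);
        if (!(is_auth && is_ntlm_challenge(h[i].value)))
            h[keep++] = h[i];   /* keep everything except NTLM challenges */
    }
    return keep;
}

int main(void)
{
    struct hdr_entry reply[] = {    /* constructed sample reply headers */
        {"WWW-Authenticate", "NTLM"},
        {"WWW-Authenticate", "Basic realm=\"intranet\""},
    };
    size_t n = filter_unproxyable_auth(reply, 2, 0);
    for (size_t i = 0; i < n; i++)
        printf("%s: %s\n", reply[i].name, reply[i].value);
    return 0;
}
```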