Re: [squid-users] Proxy-Authenticate and WWW-Authenticate

From: Neil A. Hillard <neil.hillard@dont-contact.us>
Date: Thu, 26 Jul 2007 08:52:48 +0100

Matt,

Matthew Smith wrote:
> Hello!
>
> Is it correct to say that a response can only have one authenticate in
> the headers? That a request containing a WWW-Authenticate cannot have a
> Proxy-Authenticate as well?
>
> If I have a site which requires authentication with a given scheme, am I
> right to assume that the only way a authenticating proxy between the
> site and the user can use authentication is if the authentication tokens
> sent by the user are the same for the proxy and the site? Is basic
> authentication the only auth system that can be chained in this way?
>
> Lastly, assuming a proxy with no auth, is it now possible to have a
> WWW-Authenticate using the NTLM scheme pass though a squid proxy? In the
> past I believe the answer is no, but I want to be sure nothing has
> changed since.

I wouldn't have thought a response could contain both headers. But what
would happen is the request would be sent to the proxy, you'd
authenticate, then the request would be forwarded to the target site
which would then request authentication.

A request can have both headers. As long as your clients are aware of
the proxy then they will happily authenticate to it (with
Proxy-Authorization) and then authenticate to the target website (with
Authorization).

                                Neil.

-- 
Neil Hillard                    neil.hillard@agustawestland.com
AgustaWestland                  http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
Received on Thu Jul 26 2007 - 01:52:58 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:04 MDT