Re: [squid-users] Upstream authentication failed

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 12 Mar 2011 13:11:11 +1300

On 11/03/11 20:40, Stranger Stranger wrote:
> It means NTLM authentication. I want to forward domain user name and
> password to bluecoat over squid.
> I want to use squid only caching.Authentication will be on bluecoat.
>

Squid cannot support NTLM like this. The closest we can get is
performing Negotiate auth on the link between Squid and the BC. Which
uses the Squid box credentials, not the clients.

The squid-3.2 "login=PASSTHRU" option was added for a scenario like
yours to relay auth headers unchanged to the other proxy. This makes
Squid act for Proxy-auth the same way it would for WWW-auth (ignore and
dumb-relay).
  It will fail if Squid is doing anything to participate in the auth
transfer. ie even the fake NTLM helper for logging breaks it.

Disclaimer: 3.2.0.5 has a bug which crashes NTLM. Fix underway.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Sat Mar 12 2011 - 00:11:17 MST

This archive was generated by hypermail 2.2.0 : Sat Mar 12 2011 - 12:00:01 MST