Henrik Nordstrom wrote:
>
> Dancer wrote:
>
> > > >From draft-ietf-http-v11-spec-rev-06, section 13.5.1:
> > > ...
> > > The following HTTP/1.1 headers are hop-by-hop headers:
> > > ...
> > > . Proxy-Authenticate
> > > . Proxy-Authorization
>
> > Hmm. I checked further down in the spec, and it _does_ say that a proxy
> > which has no proxy-auth credentials MAY forward the challenge to the
> > user, and submit _their_ credentials. Squid obviously does this, and
> > MS-proxy obviously doesn't. Both are correct according to that spec. It
> > still means I'm screwed though :(
>
> Not exacly. The spec says that an intermediade proxy may relay the
> authentication credentials to a cooperating proxy. All challanges MUST
> be consumed at each proxy.
Specifically it says that they must be consumed by proxies that
_require_ such credentials. A proxy MAY pass challenges and credentials
through if they do not personally require them themselves, but the spec
also says that this is not to be confused with 'forwarding' them. Cute
semantic difference :)
D
Received on Tue Jul 29 2003 - 13:15:57 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:04 MST