On Sun, 12 Dec 1999, Henrik Nordstrom wrote:
> Do you have any idea what is it that makes the NTLM authentication sheme
> impossible to proxy? From my understanding of NTLM challenge/response
> used in file access is possible to proxy to another authentication
> server.
Provided the client is willing to do NTLM WWW authentication through a
proxy, there are two basic reasons I can think of: Squid isn't passing the
authentication info correctly (i.e. all messages should be during 1
persistant connection for each authentication attempt) or IIS is checking
the workstation/domain name.
I've managed a couple of FreeBSD firewals before and seen a lot of WINS
queries directed at them. I don't know if it's related.
If I had the time I'd personally follow this through, but I'm working 13
hour days right now. Proxy authentication is a small part of that though.
- ad
Received on Sun Dec 12 1999 - 10:02:38 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:19 MST