Re: NTLM module

That makes more sense. Thanks

My response from squid is the same - I was quoting from memory. I will get
an IE4 client together that should match? the environment development was
being done on and see how it plays.

Could you also confirm that (AFAUK) a config entry like

acl nltmauth proxy_auth ntlm REQUIRED

should request ntlm authentication, not allow basic and grab the username?

Rob

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Tuesday, July 11, 2000 9:17 AM
Subject: Re: NTLM module

> Robert Collins wrote:
> >
> > AFAICT it was largely inactive - the code looked like it was pre-auth
> > modules?
>
> No development has taken place on the ntlm branch for the last two
> months or so, only minor bug fixes to problems reported by the person(s)
> trying it.
>
> What auth modules are you talking about here? Not sure I understand what
> you are talking about. The "ntlm" branch includes an attempt to make the
> proxy_auth modules more generic to support added requirements from NTLM
> and Digest authentication.
>
> > I have no IE 4 machines to test it on at the moment, but the clients
were
> > sending auth strings like "Basic acbegf6552163bcbc=00" (that one's
fake!)
>
> Thats Basic, not NTLM.
>
> > It does respond with
> > ==
> > Proxy-Auth Basic=squid proxy realm
> > Proxy Auth NTLM
> > ==
>
> Mine responds with
>
> ...
> Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
> Proxy-Authenticate: NTLM
> ...
>
> I have been able to verify that Squid selects the correct code path for
> next step of the protocol also by using constructed requests, but
> without a real Windows box on the network I cannot test much more. It is
> no fun manually base64 encoding those NTLM structures..
>
> /Henrik
>
Received on Mon Jul 10 2000 - 17:23:29 MDT