Re: authentication, 407 / 403 from Robert Collins on 2001-07-05 (squid-dev)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 6 Jul 2001 00:09:24 +1000

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
Cc: <squid-dev@squid-cache.org>
Sent: Thursday, July 05, 2001 11:12 PM
Subject: Re: authentication, 407 / 403

> Chemolli Francesco (USI) wrote:
>
> > It is a problem which is related to Internet Explorer and NTLM.
> > NTLM authentication handshake implies at least 3 HTTP requests, the
first 2
> > getting 407's. Only at the third request Squid gets to know the user's
> > credentials. If the check fails, without KINKIE_407_HACK, squid will
403.

If a non-proxy_auth acl check fails.
ie the username isn't allowed to access the site. With NTLM IE will not
allow the user to override the credentials when a 403 is returned. You can't
go "forget the username, I'm a on-site support staff member".

However IE will allow you to manually enter credentials when it's given a
407.

Rob
Received on Thu Jul 05 2001 - 08:07:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:05 MST