On 21 Aug 2001 08:34:14 +0200, Henrik Nordstrom wrote:
> "Chemolli Francesco (USI)" wrote:
>
> > This emerged when Robert and I were attempting to perform
> > upstream connection pinning to work around the deficiencies of
> > MS's protocol.
> > This does NOT depend on Squid. MSIE performs the same when using
> > MS's own Proxy product.
> >
> > Solution? Bitch with the site webmaster or provide workarounds via
> > proxy.pac.
>
> Ok. So lets drop the idea of pinning as the usefullnes of if it will go
> away by time. But we still have the problem of a web site with NTLM enabled
> and older IE browsers or transparent proxies. Here it would be helpful if
> Squid at least filtered out NTLM from the offered schemes before replying
> to the client as Squid cannot proxy the NTLM authentication if attempted..
USefulness for transparent proxies will never go away. However in 2.5
pinning is not a pretty thing - I have looked into this.
> We have two options for webserver NTLM auth:
>
> a) Connection pinning
>
> b) Filter out the NTLM scheme before replying to client
Good idea.
> I think one of the two should be implemented.
Long term, I think both should be implemented
Rob
> --
> Henrik
Received on Tue Aug 21 2001 - 00:46:50 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:14 MST