On 21 Aug 2001 10:37:15 +0200, Chemolli Francesco (USI) wrote:
> > As to my mind, it is because of "401" response. In case of
> > "407" all the IE
> > 4+ start NTLM negotiation.
>
> Maybe you are right, it's IIS refusing to negotiate.
401 is the external server equivalent of 407, it is the beginning of
negotiation :}. Get some sleep, or coldral or something.
...
> > should change 401 to 407 and "WWW-Authenticate: NTLM" header line to
> > "Proxy-Authenticate: NTLM". Also, Squid should change
>
> AARGH!
Ditto. Covered in more detail separately.
> > I'am not Squid developer, not even hacker. I've just
> > discovered a lot how
> > NTLM works because of a project I am involved in. And, IMHO, if Basic
> > Authorization could be passed through proxy, why NTLM
> > shouldn't ? Of course,
> > you may say that MS violates the HTTP standard with NTLM, but
> > this scheme
> > works and is in use and becomes popular.
>
> I contend this. It is popular in MS-only or almost-MS-only enterprises
> for intranets because it allows single-sign-on.
> Anybody using it over the internet should be beaten to a bloody pulp. For
> instance
> accessing a site via a transparent proxy (as many ISPs seem to be doing
> currently)
> would not work.
Exactly. NTLM CANNOT reach large popularity on the internet today,
because of it's problem with proxy servers.
Rob
Received on Tue Aug 21 2001 - 05:44:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:14 MST