Re: Talking to an upstream ISA server that requires NTLM authentication.

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 22 Jun 2006 13:19:44 +0200

On Wed, 2006-06-21 at 20:11 +0300, Tsachi wrote:
> Hi,
> Well I have tried 2.5 stable 14 with the last pinning patch:
> WWW works well.

Good.

> Authenticating to an upstream ISA proxy failed, since the
> HDR_PROXY_SUPPORT was missing in the reply header thus causing the
> "peer_support_connection_pinning()" to return 0.

Right... need to do something about that in 2.6..

> I made a change to "peer_support_connection_pinning()"
> I removed this condition:
> if (!httpHeaderHas(hdr, HDR_PROXY_SUPPORT))
>     return 0;
>
> Instead I am returning 1, and not proceeding with the rest of the function.
>
> return 1;

Which is fine if you know your peers support relaying of Microsoft
connection oriented auth..

I think that for proxy authentication we should simply assume this. In
nearly all setups it's the peer which requires authentication in this
case. The only problematic case is when there is another intermediary
proxy between Squid and the parent requiring NTLM authentication and
this intermediary does not support connection-oriented auth.. but as
that intermediary will fail if used directly by the clients as well it's
safe to ignore..

Regards
Henrik

Received on Thu Jun 22 2006 - 05:19:48 MDT
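
The pinning decision discussed in this thread, as an added, stand-alone C sketch (not Squid's code and not part of the original message): pin unconditionally when the peer itself demands proxy authentication, otherwise require the peer to advertise support. Assumptions: the `struct hdr` type and function names are hypothetical, a 407 status stands in for "proxy authentication", and the advertisement is the `Proxy-Support: Session-Based-Authentication` header from RFC 4559, which the thread refers to only as HDR_PROXY_SUPPORT.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical, simplified header pair (not Squid's HttpHeader). */
struct hdr { const char *name; const char *value; };

/* Return 1 if the comma-separated list in value contains token
 * as a whole element, compared case-insensitively. */
static int list_has_token(const char *value, const char *token)
{
    size_t tlen = strlen(token);
    const char *p = value;
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p))
            p++;                          /* skip separators */
        const char *start = p;
        while (*p && *p != ',')
            p++;                          /* scan one list element */
        const char *end = p;
        while (end > start && isspace((unsigned char)end[-1]))
            end--;                        /* trim trailing space */
        if ((size_t)(end - start) == tlen &&
            strncasecmp(start, token, tlen) == 0)
            return 1;
    }
    return 0;
}

/* Decide whether the server-side connection to the peer may be pinned
 * to one client for connection-oriented (NTLM-style) authentication. */
int may_pin_peer_connection(int status, const struct hdr *h, size_t n)
{
    if (status == 407)
        return 1;   /* the peer itself asks for auth: assume support */
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(h[i].name, "Proxy-Support") == 0 &&
            list_has_token(h[i].value, "Session-Based-Authentication"))
            return 1;   /* peer advertises that it relays such auth */
    return 0;           /* relayed auth, no advertisement: do not pin */
}
```

Unlike an unconditional `return 1`, this keeps the header check for authentication relayed from servers behind the peer, so a connection is only tied to one client's credentials when the peer is known or assumed to keep it that way.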