Henrik Nordstrom wrote:
>
> Dancer wrote:
>
> > Now...Have I completely failed to understand proxy-authentication in a
> > hierarchy (My understanding was that the credentials/challenge would be
> > passed transparently through proxies that did not require
> > authentication, and then 'consumed' by the first unit in the chain that
> > did require it) or is MS-proxy Doing The Wrong Thing(tm)?
>
> MS-proxy is doing the right thing. Transparently passing the
> authentication onwards to other proxies is an Squid extension, and
> should be changed to require cache_peer configuration.
>
> >From draft-ietf-http-v11-spec-rev-06, section 13.5.1:
> ...
> The following HTTP/1.1 headers are hop-by-hop headers:
> ...
> . Proxy-Authenticate
> . Proxy-Authorization
>
> ---
> Henrik Nordstrom
> Spare time Squid hacker
Hmm. I checked further down in the spec, and it _does_ say that a proxy
which has no proxy-auth credentials MAY forward the challenge to the
user, and submit _their_ credentials. Squid obviously does this, and
MS-proxy obviously doesn't. Both are correct according to that spec. It
still means I'm screwed though :(
D
Received on Mon Mar 22 1999 - 01:35:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:21 MST