NTLM authentication can not by design be proxied via HTTP proxies.
As a bandaid you should upgrade to Squid-2.5.STABLE2 or later which
largely limits the damage done by NTLM authentication by removing any NTLM
challenges sent by the server, leaving only Basic authentication.
Alternatively you can have the browser configured to use the proxy rather
than intercepting the traffic without the knowledge of the browser which
should accomplish the same assuming the browser is reasonably up to date.
It is not at all related to the save-password feature. Just the fact that
NTLM authentication completely fails if attempted via a HTTP compliant
HTTP proxy.
Regards
Henrik
On Sun, 7 Dec 2003, Jim Huneycutt wrote:
> I recently installed an SME/e-Smith 5.6 (Linux distro based on Redhat 7.3)
> server/firewall at a client site that must connect to a certain website that
> requires authentication - what appears to be Microsoft NTLM authentication
> complete with domain name. Before installing the SME server the client used
> a dialup Internet connection and had no problem with entering the username,
> password and domain in the Microsoft "Enter Network Password" login screen
> that comes up when he goes to the site. He would click on "save password"
> and never see the login box during that Internet Explorer session.
Received on Sun Dec 07 2003 - 15:12:42 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:06 MST