Maarten,
>>> Hi,
>>>
>>> My squid proxy doesn't seem to get a login prompt from a webiste:
>>> http://www.europanelsoverseas.be/webalizer/ (IIS webserver)
>>>
>>> When I did a packet capture on the machine, I saw that, in response to
>>> the proxy's GET /webalizer HTTP/1.0, the webserver responded
>>> immediately with 401 HTTP code.
>>>
>>> Does anyone know what I'm doing wrong here or what might cause this behaviour?
>> Yes - the web server is using NTLM authentication. It is fundamentally
>> broken and does not work through proxies (unless they specifically work
>> around its brokenness - Squid does not).
>>
>> Switch it (or tell the admin to) basic or digest auth. If using basic
>> auth you may want to use SSL so that the credentials aren't sent in the
>> clear.
>
> Does this mean that the NTLM code is proprieatary and changes alot so
> squid can't keep up? There's no chance of fixing this on the squid
> level then?
See http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
NTLM is broken end of story and won't be supported in Squid. You should
choose a _standard_ authentication protocol, not one M$ dreamt up
(complete with bugs).
Neil.
-- Neil Hillard hillardn@whl.co.uk Westland Helicopters Ltd. http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.Received on Wed Mar 22 2006 - 06:59:15 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST