RE: [squid-users] Certain applications when using NTLM auth

From: James Zuelow <James_Zuelow_at_ci.juneau.ak.us>
Date: Wed, 4 Feb 2009 09:37:30 -0900

I think my original reply went only to Henrique --

> -----Original Message-----
> From: Henrique Machado [mailto:henrique.cicuto_at_gmail.com]
> Sent: Wednesday, 04 February, 2009 07:19
> To: James Zuelow
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Certain applications when using NTLM auth
>
> Okay. That worked. That really worked. APT is working perfectly.
> Logīs show my user accessing and downloading.
> I didnīt remove my ntlm lines, just added those u suggested.
>
> Now, why? I didnīt understand.
>

It is something that I should have remembered at the very beginning.

When a browser does NTLM authentication, you'll always get one or two 407 replies before a success. That is because they're using ntlmssp negotiation.

But anything that uses basic authentication (like apt) just provides the username and password right away instead of negotiating. If you look at the access log after you made the change, you'll see that apt is not generating any 407 lines at all, even though your web browser clients still are.

When the basic lines were missing, squid could only authenticate using ntlmssp. Now it can do both.

James
Received on Wed Feb 04 2009 - 18:37:39 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 05 2009 - 12:00:01 MST