On Tue, 1 Sep 2009 12:43:13 +0100, Gavin McCullagh <gavin.mccullagh_at_gcd.ie>
wrote:
> Hi,
>
> On Tue, 01 Sep 2009, Tejpal Amin wrote:
>
>> Try putting this acl
>>
>> acl Java browser Java/1.4 Java/1.5 Java/1.6
>> http_access allow Java
>>
>> This worked for me when using NTLauth.
>
> Thanks, though I'm not the one in need of a solution and I'm not that
keen
> to give Java full unauthenticated browsing rights.
>
> Perhaps Truth Seeker(?) might try that though.
>
> Am I to understand that Java is just really bad at NTLM auth, so much so
> that people just whitelist it for unauthenticated access?
Yes.
Personally I recommend adding other ACL such as sources which are allowed
to use Java in this way. To reduce the impact and security holes this
method opens.
Amos
Received on Wed Sep 02 2009 - 00:15:06 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 03 2009 - 12:00:02 MDT