RE: [squid-users] Pb with Microsoft Integrated Login and Squid 3.1

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Thu, 05 Nov 2009 21:48:17 +0100

Wed 2009-11-04 at 18:25 +0100, NOGUES Jean-Marc (EURIWARE) wrote:
> Hi,
>
> > I say "usually normal", because the client software should be aware of
> > that requirement and send the auth for as many requests as needed in the
> > session.
>
> Sniffing between Squid and clients shows that clients never send auth
> data within further requests in the session. Clients only send auth
> data just after receiving an "HTTP/1.1 401 Unauthorized" from the
> remote web server.

Negotiate (and NTLM) are connection-oriented, non-HTTP-compliant auth
schemes (basic principle of HTTP messaging violated). Because of this
auth credentials are only seen on the first request per TCP connection.
Once auth has completed on that connection further requests on the same
connection look like they are anonymous but they are in fact not...
(auth silently inherited from the TCP connection).

Regards
Henrik
Received on Thu Nov 05 2009 - 20:48:21 MST
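
The connection-bound behaviour described in this reply, as an added example that is not part of the original message: a small Python classifier over a constructed capture that separates requests inheriting auth from their TCP connection from truly anonymous ones. The `Exchange` record, the labels and the sample values are assumptions for illustration, as is treating any non-401 response to a request carrying a Negotiate/NTLM header as a completed handshake.

```python
from dataclasses import dataclass
from typing import Optional

# Schemes that bind authentication to the TCP connection rather than the request.
CONNECTION_SCHEMES = ("negotiate", "ntlm")

@dataclass
class Exchange:
    conn: str                     # constructed connection id (client ip:port)
    url: str
    authorization: Optional[str]  # request Authorization header value, if any
    status: int                   # status code of the server's response

def classify(exchanges):
    """Label each request: handshake, authenticated, inherited or anonymous."""
    authed = set()  # connections on which a handshake has completed
    labels = []
    for ex in exchanges:
        scheme = (ex.authorization or "").split(" ", 1)[0].lower()
        if scheme in CONNECTION_SCHEMES:
            if ex.status == 401:
                labels.append("handshake")      # leg answered with another challenge
            else:
                authed.add(ex.conn)             # assumption: non-401 means accepted
                labels.append("authenticated")
        elif ex.conn in authed:
            labels.append("inherited")          # no header; identity comes from the connection
        else:
            labels.append("anonymous")
    return labels

# Constructed sample capture, not taken from the thread.
SAMPLE = [
    Exchange("10.0.0.5:50001", "/app/", None, 401),
    Exchange("10.0.0.5:50001", "/app/", "NTLM <type1>", 401),
    Exchange("10.0.0.5:50001", "/app/", "NTLM <type3>", 200),
    Exchange("10.0.0.5:50001", "/app/logo.png", None, 200),
    Exchange("10.0.0.5:50002", "/app/logo.png", None, 401),
]

if __name__ == "__main__":
    for ex, label in zip(SAMPLE, classify(SAMPLE)):
        print(ex.conn, ex.url, label)
```

The fourth request carries no auth data yet is labelled `inherited`, while the same URL on a fresh connection is `anonymous`; per-request log analysis that ignores the connection would treat both the same.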
