Jose Lopes wrote:
> Hi,
>
> I have the same problem.
> I have already set network.negotiate-auth.trusted-uris to proxy domain.
> At the firefox (FF) log appears:
> 0[825140]: service = squid.domain
> 0[825140]: using negotiate-sspi
> 0[825140]: nsAuthSSPI::Init
> 0[825140]: InitSSPI
> 0[825140]: Using SPN of [HTTP/squid.domain]
> 0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
> 0[825140]: entering nsAuthSSPI::GetNextToken()
> 0[825140]: Sending a token of length 40
> 0[825140]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
> 0[825140]: entering nsAuthSSPI::GetNextToken()
> 0[825140]: Cannot restart authentication sequence!
>
> The http messages between squid an FF are:
>
> FF -> SQUID
> GET http://www.squid-cache.org/ HTTP/1.1
> [...]
>
> SQUID -> FF
> HTTP/1.0 407 Proxy Authentication Required
> Server: squid/3.0.STABLE14
> [...]
> Proxy-Authenticate: Negotiate
> [...]
>
I know you seem to have tracked it down to a FF bug (maybe).
But I'm wondering if all this checking and testing with 3.0.STABLE15 is
worth it? Negotiate helper had an upgrade in STABLE16.
Also, the way Squid let NTLM/Negotiate helpers became deferred and
'leaked' was fixed in STABLE19. That one is likely to hit as soon as
this initial problem is resolved.
I really would not recommend using anything less than STABLE19 with
NTLM/Negotiate helpers.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15Received on Tue Jan 19 2010 - 11:56:40 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 19 2010 - 12:00:04 MST