Re: [squid-users] NTLM Authentication and Connection Pinning problem

From: Jeff Foster <jfoste_at_gmail.com>
Date: Wed, 17 Feb 2010 08:59:27 -0600

I'm not sure which TCP stream you are referencing in your reply.
If you are looking at client port 1917, I agree with your response.

The problem as I see it is the TCP stream for the client port 1919.
It is using port 37159 on the squid server to the upstream. Then
in packet 210 the upstream request switches to port 37161.

The trace was run from the initial client request to long after the
Internet Explorer authentication dialog was displayed.

Jeff F

On Wed, Feb 17, 2010 at 1:50 AM, Amos Jeffries wrote:
> Jeff Foster wrote:
>>
>
> Hi Jeff,
>
> Looking at the 3.1 capture I see everything working perfectly as it should
> be.
>
> The connection is held open as expected of persistent connections through
> the entire auth sequence and beyond. It finishes with an actual page result
> starting to come back from the final auth credentials.
>
> The thing to notice at this point is that the object being fetched has no
> Content-Length: header and so the connection MUST end with closure to
> terminate the file. This will prevent it ever being re-used as you expected.
> NP: all the object replies this server produces seem to have this type of
> content preventing connection re-use.
>
> At the end it is your client machine which sends a RST packet and aborts
> the download and closes the connections before the object is complete, it's
> visibly a partial page in the trace.
>
>
> The only odd thing I can see so far is the followup from the
> http://simon/Styles/forms.css request. Server replies with a 304 redirection
> (keep alive allows connection re-use :). As expected, the client sends the
> auth credentials to the new request URL through the existing connection. But
> then the server replies with a brand new auth challenge as if it had never
> seen the client before.
> The trace does not continue long enough to follow that, but I would hope
> the client re-auths properly and things continue fine. At least until the
> next unknown-length object.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
> Current Beta Squid 3.1.0.16
>
Received on Wed Feb 17 2010 - 14:59:36 MST
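
The pinning break described above for client port 1919, as an added example that is not part of the original thread: a Python check that flags an NTLM handshake continuing on a different upstream connection than the one that carried its Type 1 message. The rows are constructed and assume the client-to-upstream correlation has already been done by hand; only ports 1917, 1919, 37159, 37161 and packet number 210 come from the message, and the NTLM message type assigned to each packet is an assumption.

```python
import base64
import struct

def ntlm_type(header_value):
    """Return the NTLM message type (1, 2 or 3) carried in an Authorization or
    WWW-Authenticate header value, or None if it holds no valid NTLM token."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack_from("<I", raw, 8)[0]   # little-endian type field

def find_pin_breaks(events):
    """events: (packet_no, client_port, upstream_port, header_value) for each
    auth-bearing message on the proxy-to-upstream side, in capture order.
    Returns (packet_no, client_port, pinned_port, seen_port) for every Type 2/3
    message that continues a handshake on a different upstream connection."""
    pinned = {}    # client_port -> upstream port that carried the Type 1
    breaks = []
    for pkt, cport, uport, value in events:
        t = ntlm_type(value)
        if t == 1:
            pinned[cport] = uport            # handshake starts: pin this connection
        elif t in (2, 3) and cport in pinned and pinned[cport] != uport:
            breaks.append((pkt, cport, pinned[cport], uport))
    return breaks

def _tok(msg_type):
    # Constructed minimal token: NTLMSSP signature plus the type field only.
    return "NTLM " + base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type)).decode()

# Constructed sample rows; port 37157 and all packet numbers except 210 are made up.
SAMPLE = [
    (101, 1917, 37157, _tok(1)),
    (104, 1917, 37157, _tok(2)),
    (107, 1917, 37157, _tok(3)),
    (198, 1919, 37159, _tok(1)),
    (203, 1919, 37159, _tok(2)),
    (210, 1919, 37161, _tok(3)),   # handshake continues on a new upstream port
]

if __name__ == "__main__":
    print(find_pin_breaks(SAMPLE))
```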