AW: [squid-users] Apps use NTLM against negotiate but do not fallback to basic if that fails

From: Stefan Bauer <stefan.bauer_at_cubewerk.de>
Date: Thu, 2 Aug 2012 11:19:18 +0200

-----Urspr√ľngliche Nachricht-----
Von: Amos Jeffries <squid3_at_treenet.co.nz>
> > because it can not deal and should not deal with NTLM only kerberos. I
> expected to have an automatically fallback to basic in this case but opera does
> not! Why is that?
>
> You will have to ask Opera that one.

Ok - thank you. So it's a client issue.

> > If i force opera to disable NTLM - it uses basic auth and everybody is happy
> in my dep.
> > Can anyone please provide some deeper informations about that behavior?
>
> All Squid can do is advise the available auth mechanisms and/or that the
> credentials given have failed. It's up to the client app to keep track
> of what it has available and what is (or not) working.
>
> You could try the negotiate_wrapper Markus wrote. That permits the NTLM
> and Kerberos GSSAPI mechanisms to both be negotiated via Negotiate auth.

Well if i can not and do not handle NTLM - its useless - isn't it?

Stefan
Received on Thu Aug 02 2012 - 09:17:54 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 02 2012 - 12:00:02 MDT