Re: AW: [squid-users] Apps use NTLM against negotiate but do not fallback to basic if that fails

From: Amos Jeffries <>
Date: Thu, 02 Aug 2012 21:48:39 +1200

On 2/08/2012 9:19 p.m., Stefan Bauer wrote:
> -----Urspr√ľngliche Nachricht-----
> Von: Amos Jeffries <>
>>> because it can not deal and should not deal with NTLM only kerberos. I
>> expected to have an automatically fallback to basic in this case but opera does
>> not! Why is that?
>> You will have to ask Opera that one.
> Ok - thank you. So it's a client issue.
>>> If i force opera to disable NTLM - it uses basic auth and everybody is happy
>> in my dep.
>>> Can anyone please provide some deeper informations about that behavior?
>> All Squid can do is advise the available auth mechanisms and/or that the
>> credentials given have failed. It's up to the client app to keep track
>> of what it has available and what is (or not) working.
>> You could try the negotiate_wrapper Markus wrote. That permits the NTLM
>> and Kerberos GSSAPI mechanisms to both be negotiated via Negotiate auth.
> Well if i can not and do not handle NTLM - its useless - isn't it?

Yeah if you have gone that far it is. Its for the transition period.

Received on Thu Aug 02 2012 - 09:48:50 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 02 2012 - 12:00:02 MDT