Re: AW: [squid-users] Apps use NTLM against negotiate but do not fallback to basic if that fails

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 02 Aug 2012 21:48:39 +1200

On 2/08/2012 9:19 p.m., Stefan Bauer wrote:
> -----Urspr√ľngliche Nachricht-----
> Von: Amos Jeffries <squid3_at_treenet.co.nz>
>>> because it can not deal and should not deal with NTLM only kerberos. I
>> expected to have an automatically fallback to basic in this case but opera does
>> not! Why is that?
>>
>> You will have to ask Opera that one.
> Ok - thank you. So it's a client issue.
>
>>> If i force opera to disable NTLM - it uses basic auth and everybody is happy
>> in my dep.
>>> Can anyone please provide some deeper informations about that behavior?
>> All Squid can do is advise the available auth mechanisms and/or that the
>> credentials given have failed. It's up to the client app to keep track
>> of what it has available and what is (or not) working.
>>
>> You could try the negotiate_wrapper Markus wrote. That permits the NTLM
>> and Kerberos GSSAPI mechanisms to both be negotiated via Negotiate auth.
> Well if i can not and do not handle NTLM - its useless - isn't it?

Yeah if you have gone that far it is. Its for the transition period.

Amos
Received on Thu Aug 02 2012 - 09:48:50 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 02 2012 - 12:00:02 MDT