On 1/10/2013 8:25 a.m., Ron Wheeler wrote:
> Yes
> Yes
> Nothing?
>
Er. That should be: "yes. no. upgrade?"
NTLM will only succeed on the *third* attempt. So some 60% of requests
get DENIED. Usually on the pattern that two connections are used - the
first only gets a DENIED then closed, the second gets DENIED then success.
We are continuously improving Squid and there have been many NTLM fixes
since 3.1 series and a few in Kerberos handling as well. So upgrading to
the latest stable will possibly improve things a little bit for the
problems not yet noticed even though the described behaviour is expected.
> I think that the problem comes from the fact that the browser has no
> idea about what the authentication will be (if any) when it first
> makes the request.
> Once the server says "Whoa, Why should I let you in?", the browser
> knows that it needs to engage in an authentication process.
>
Exactly so. Good description BTW.
> I could be wrong but I am sure that a quick Google will get you a full
> description of the process.
>
> Ron
Amos
Received on Tue Oct 01 2013 - 07:12:20 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 12:00:04 MDT