Re: [squid-users] NTLM through proxy server?

2007-08-31 Thread Henrik Nordstrom 
On fre, 2007-08-31 at 14:21 -0300, Diego Woitasen wrote:

 ey, It's working with connection pinning of Squid-2.6 :)

Yes, it should. But it's not making pretty things to the internals of
Squid.. and nor is the commonly deployed browser behaving in any sane
manner..

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] NTLM through proxy server?

2007-08-25 Thread Henrik Nordstrom 
On fre, 2007-08-24 at 21:23 -0300, Diego Woitasen wrote:

 ok, is protocol specific, but I read the protocol and I can't
 undertand why. The Client and the Server need to see themselves? Or Is
 a  conexion multiplexation problem in the proxy?


HTTP is message oriented, based on self-contained messages being passed
over unspecified transports, with transports being hop-by-hop (i.e.
browser-proxy and proxy-server is independent transports).

NTLM is connection oriented, based on connection state. Only masqueraded
to look like an HTTP authentication scheme, not at all acting as one.

Thus proxying of NTLM requires the proxy to
1. Detect that the NTLM scheme is being used.
2. Then make a strict association between client connection and server
connection
3. and also remember that requests seen on this client connection is
using authentication even if the messages themselves do not contain any
authentication related information at all.

Which is quite different from how an HTTP proxy normally operates.

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] NTLM through proxy server?

2007-08-24 Thread Henrik Nordstrom 
On tor, 2007-08-23 at 14:44 -0800, Chris Robertson wrote:

  From my understanding the limitation was protocol specific (NTLM auth 
 violated the HTTP spec), but workarounds were added to Squid 2.6.

Correct.

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

[squid-users] NTLM through proxy server?

2007-08-23 Thread Diego Woitasen 
I read a mail of five years ago saying that NTLM auth. can't pass
through a proxy server. Is this limitation protocol specific or is a
Squid problem? If it a squid problem then is working now?

regards,
diegows

-- 
---
Diego Woitasen
---

Re: [squid-users] NTLM through proxy server?

2007-08-23 Thread Chris Robertson 

Diego Woitasen wrote:

I read a mail of five years ago saying that NTLM auth. can't pass
through a proxy server. Is this limitation protocol specific or is a
Squid problem? If it a squid problem then is working now?

regards,
diegows
  


From my understanding the limitation was protocol specific (NTLM auth 
violated the HTTP spec), but workarounds were added to Squid 2.6.


Chris