On Mon, 17 May 2004, CHARREAU Anthony wrote: > If I try to see a Internet or Intranet website without NTLM auth through Squid, who > always auth users with NTLM, it works fine.
This it should. > So, Apache alone works fine, squid alone works fine, but when I try to chain both, > it fails. You can not proxy NTLM authentication via Squid. Microsoft twisted the HTTP protocol too far outside the specifications when "designing" their "NTLMSSP over HTTP" authentication model for this to be possible. "NTLMSSP over HTTP" is NOT an HTTP authentication scheme. It is a twisted attempt of making NTLMSSP masquerade itself like a HTTP authentication but does not fulfill the fundamental message properties of HTTP making it incompatible with any correct HTTP implementation. Regards Henrik
