Re: [squid-users] Re: ntlm won't prompt

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 11 Jul 2003 11:03:05 +0200

On Friday 11 July 2003 04.09, mwestern@sola.com.au wrote:

> from a programmer's perspective it's probably a pain but from our
> point of view it seems the best.

If you only knew the mess it makes with the HTTP protocol...

NTLM is a proprietary protocol only available on Windows. Others who
want to implement the protocol must first reverse-engineer the
protocol (see Samba) or license the technology from Microsoft (not an
option for Open Source).

The implementation of NTLM over HTTP is violating important design
aspects of the HTTP protocol. HTTP is a message oriented protocol,
while NTLM is a connection oriented authentication scheme. Big
collision there.

Because of the HTTP protocol violations there are restrictions on the
usefulness of NTLM over HTTP. The perhaps most visible restriction is
that NTLM over HTTP can not be proxied via HTTP proxies, meaning that
if you are using a proxy then you can not log in to web servers
requiring NTLM over HTTP authentication.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Fri Jul 11 2003 - 03:03:34 MDT
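
The collision described in the message above, as an added example that is not part of the original post: a simplified Python model in which the origin server keeps NTLM handshake state per TCP connection, run once directly and once through a proxy that forwards each HTTP message on a fresh upstream connection. The class and function names are hypothetical and the `<type1>`/`<type2-challenge>`/`<type3>` strings are placeholders for the real NTLM messages.

```python
import itertools

class NtlmOrigin:
    """Toy origin server: NTLM handshake state is keyed by connection, not request."""
    def __init__(self):
        self.conn_state = {}  # connection id -> "challenged" | "authed"

    def handle(self, conn_id, authorization=None):
        state = self.conn_state.get(conn_id)
        if state == "authed":
            return 200, None  # this connection already completed the handshake
        if authorization == "NTLM <type1>":
            self.conn_state[conn_id] = "challenged"
            return 401, "NTLM <type2-challenge>"
        if authorization == "NTLM <type3>" and state == "challenged":
            self.conn_state[conn_id] = "authed"
            return 200, None
        return 401, "NTLM"  # no usable handshake state on this connection

def client_fetch(send, max_round_trips=6):
    """Drive the handshake via send(authorization) -> (status, www_authenticate)."""
    auth, statuses = None, []
    for _ in range(max_round_trips):
        status, www_auth = send(auth)
        statuses.append(status)
        if status == 200:
            break
        # Answer a challenge with type 3, otherwise (re)start with type 1.
        auth = "NTLM <type3>" if www_auth == "NTLM <type2-challenge>" else "NTLM <type1>"
    return statuses

def direct(origin):
    """Client talks to the origin over one persistent connection."""
    return lambda auth: origin.handle("client-conn-1", auth)

def message_oriented_proxy(origin):
    """Proxy treats every request as independent: new upstream connection each time."""
    ids = itertools.count(1)
    return lambda auth: origin.handle(f"upstream-{next(ids)}", auth)

if __name__ == "__main__":
    print("direct:   ", client_fetch(direct(NtlmOrigin())))
    print("via proxy:", client_fetch(message_oriented_proxy(NtlmOrigin())))
```

Through the proxy the type 3 message always arrives on a connection that never saw the challenge, so the client is asked to authenticate again on every round trip.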
