On Tue, 27 Sep 2005, Vinod Patel wrote:
> /* code for removing NTLM headers from reply */
>
> I removed the above code and NTLM auth seems to work for me.
No it does not.
If you remove this code the following result will be seen:
- In light testing as a single user it may appear to work at first
- After more indepth testing you will notice random authentication
popups as the first sign of trouble
- After more testing with multiple users you will notice the random
authentication popups a lot more
- And if you look more closely at the web server logs or what
permissions is given to each user you will notice that the server
"randomly" assings another user to the requests when an authentication
popup is not given.
> With firefox, it works for both transparent mode as well as proxy mode.
The fact that Firefox works in proxy mode can to a remote extent be argued
to be a bug in Firefox not implementing NTLM in the same manner as MSIE.
> With IE, it works in transparent mode, but does not work in proxy mode.
As it should. Microsoft is well aware of the problems. See
Internet draft draft-jaganathan-kerberos-http-01 for details on what is
required to use NTLM and Negotiate over HTTP proxies.
Regards
Henrik
Received on Tue Sep 27 2005 - 15:39:35 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT