AW: [squid-users] Squid with NTLM-Auth: Java Web Start on SSLwon't work

From: <Markus.Rietzler@dont-contact.us>
Date: Thu, 27 Sep 2007 11:35:55 +0200

>
>> in the first case (HTTP and GET) the client (javaws) sends a
>> "Keep-alive: 300, Connection: keep-alive", in the second
>case (HTTPS and
>> CONNECT) no keep-alive is sent and so the NTLM-Auth failes.
>
>keep-alive is needed for NTLM. Without keep-alive only Basic or Digest
>can be used.
>
>> can someone help us in finding the error? is it something
>with java or
>> javaws (sun says, that starting with java 1.4 ntlm and https should
>> work).
>
>It's an java JRE issue most likely.
>

so seems that we have no chance to find a workaround. one (minor)
problem is, that we have written the acls in that way, that squid will
try NTLM Auth and makes no fall back to ntlm via basic auth. this way we
prevent that users will have many auth dialogs when they only are
allowed to access "open" websites. that also includes ad banners on
"open" sites...

so this means, that if NTLM auth failed no basic auth is done. basic
auth only comes up if the client does not support NTLM.

it works with HTTP but not with HTTPS. so it really seems to be an issue
with Java. the faqs say that it (should) work with java 1.4.2 and up...
seems that we have no real chance to solve this...
maybe we can "open" jnlp-urls, so that no auth is required... but this
looks like a cheap trick...

markus
Received on Thu Sep 27 2007 - 03:36:08 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT