[squid-users] NTLM authentication pass-through to upstream proxy

From: Jeff Silver <jsilver_at_websense.com>
Date: Wed, 9 Jun 2010 17:22:09 +0100

I'm using squid/3.1.3.
It is configured with a cache-peer thus:

cache_peer myproxy parent 8081 0 default no-query no-digest no-netdb-exchange login=PASS

'myproxy' is not squid. It is NTLM-capable.

The NTLM log-in process works OK, but it looks as if squid is not maintaining separation between
sessions (what I think used to be called "connection pinning"). In other words, if two users log in
from two separate browsers, upstream connections are shared across the two sessions (especially if
the same site is being visited).

I tried adding connection-auth=on to both the cache-peer line and the http_port line (although squid
3.1 docs say that this is on by default).
I also tried sending a 'Proxy-support: Session-Based-Authentication' header from myproxy.
Upstream connections were still being shared.

Is there anything else I should set in the configuration?
Is this a bug?

--
Jeff Silver
 Protected by Websense Hosted Email Security -- www.websense.com 
Received on Wed Jun 09 2010 - 16:22:33 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 10 2010 - 12:00:03 MDT