[squid-users] Order of authentication schemes in Proxy-Authenticate

From: Alan <lameventanas_at_gmail.com>
Date: Wed, 10 Apr 2013 13:23:36 +0900

Is there any way to influence the order in which Squid sends the
Proxy-Authenticate headers to the client? I already tried changing
the order in the config file to no avail.

Background:
I have a squid 3.3.3 proxy using both kerberos and radius. A capture
shows it offers both Basic and Negotiate authentication schemes, in
separate headers and in that order.
IE seems to try Negotiate first and Basic later, disregarding the
order in which the headers appear.
Firefox seems to be trying in the same order as the headers appear (I
haven't confirmed that changing the order would fix this).

The RFC doesn't seem to mention anything about which one should be
tried first, so both approaches seem reasonable. I haven't been able
to find any configuration option in Firefox to change the order
either.
Received on Wed Apr 10 2013 - 04:23:43 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 11 2013 - 12:00:03 MDT