Re: NTLM status: update

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 22 Nov 2003 23:43:32 +0100 (CET)

On Sat, 22 Nov 2003, Serassio Guido wrote:

> The problem is something different:
>
> IE uses "Security Zones": by default in the Intranet Zone the automatic
> NTLM authentication is enabled while in the Internet Zone is disabled.
>
> IE 5.01 identify correctly that the proxy is in the Intranet Zone (I can
> see the 407/200 sequence in access.log) and authenticate automatically
> using ntlm for internal Squid objects.
> IE 6 SP1 simply doesn't understand that the proxy is in the Intranet Zone,
> and use the Internet Zone rules, (I can see 407 only) asking for
> Authentication for internal squid objects.

I am still not entirely convinced.

As for security zones there is a big difference in a connection to a well
defined proxy server and a request for
http://name.of.your.proxy/squid-internal-static/icons/anthony-unknown.gif

One is a request to a proxy server, the other a request to a web server
(assuming name.of.your.proxy matches the domains you have selected to not
use a proxy for).

> >You should only see this popup once per session (or until the login
> >expires from IE)
>
> This happens for every object .....

If it keeps happening even after successful authentication then it surely
is a browser bug.

> Yes, but with IE 5.01 there are no problems as with Mozilla in ntlm mode,
> so in IE 6 SP1 there is something of anomalous.

Could be. But still the icons is very special in terms of security zones
etc..

Regards
Henrik
Received on Sat Nov 22 2003 - 15:43:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:47 MST