PR 39673 revealed a problem with NTLM and mod_proxy_http. Actually NTLM does not work any longer with proxied backends doing NTLM authentication.
As far as I understand NTLM the current 2.2.x proxy implementation does NOT support it, because there is no guarantee that the same backend connection is used for the next request on a keepalive frontend connection. Each request from a frontend connection leases a backend connection from a connection pool for the request and returns it back to the pool immediately after the request has been processed. When the next request on this keepalive frontend connection is processed it may lease a different backend connection from the pool. This raises two questions for me: 1. The current approach of leasing connections from the pool on request base means, that a keepalive frontend connection may use a different backend connection for each request and that a keepalive backend connection may be used by different frontend connections. Does this approach violate any RFC's we claim to implement / support? 2. If the answer to 1. is no, the question that remains is: Do we claim / want to support NTLM on proxied backends. As far as I understand there is no official spec for NTLM, correct? Regards RĂ¼diger
