Devi Krishna wrote: > > I am trying to get mod_proxy_http to work in pass through mode for NTLM > authentication. I see that in apache proxy we dont keep the backend > connection persistant. This causes NTLM to fail because on receiving > type2 message from client, the proxy forwards this to the Origin Server > using a new connection. This causes the NTLM authentication to fail
Turn off keepalives. Because Apache can now route requests from multiple clients to the same proxy connection, the combination is lethal. NTLM/SSPI is connection-oriented, in violation of HTTP, rendering it either unproxy-able or at least unsafe to retain/share connections.
