Roland Weber wrote:
My question is: will _all_ requests over that connection share the authentication, or do they still require some Authentication: or Proxy-Authentication: header? In other words, if the connection is given back to the connection manager and subsequently re-used, will those requests accidentally "inherit" the NTLM authentication?
As far as I understand it, yes as long as that connection is open all resources transferred are considered authenticated. NTLM is problematic since it works very differently from how http is supposed to work. NTLM keeps state, http does not. The only way I have managed to get my proxy to handle NTLM connections between the real server and the real client is to switch the proxy to a dumb tunnel when NTLM is negotiated (otherwise another client might reuse the same server connection and be authenticated). For a proxy any accidental authentication inheriting is very bad, for a normal browser/tool it is probably ok. I suspect that there are lots of proxies that have problems when the real server tries to use NTLM. /robo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
