I'm about to dive head-long into writing the SPNEGO support for Squid, unless I can somehow bribe a real squid dev onto the task.
SPENGO in Squid is an interesting point - as far as I understand it, SPNEGO (Negotiate) HTTP support is not specified (in terms of the RFC) to a proxy server, only to a HTTP origin server. I see no reason for this silly restriction, and I'm going to play with Mozilla and IE to see what we can make them do. (Mozilla just gained SPENGO via SSPI, including transparent NTLM). So, I am trying to follow the advise offered in the programming guide, which says to copy the closest auth module, and go. Does the list have any particular tricks or traps I should know about? I realise that new code should be in Squid3 - but is Squid 2.5's NTLM code more mature? Andrew Bartlett
signature.asc
Description: This is a digitally signed message part
