Dancer wrote:
> Now...Have I completely failed to understand proxy-authentication in a
> hierarchy (My understanding was that the credentials/challenge would be
> passed transparently through proxies that did not require
> authentication, and then 'consumed' by the first unit in the chain that
> did require it) or is MS-proxy Doing The Wrong Thing(tm)?
MS-proxy is doing the right thing. Transparently passing the
authentication onwards to other proxies is an Squid extension, and
should be changed to require cache_peer configuration.
>From draft-ietf-http-v11-spec-rev-06, section 13.5.1:
...
The following HTTP/1.1 headers are hop-by-hop headers:
...
. Proxy-Authenticate
. Proxy-Authorization
---
Henrik Nordstrom
Spare time Squid hacker
