On Fri, 2003-07-11 at 12:03, [EMAIL PROTECTED] wrote: > Hi Robert, > > >you can simply allow adobe based on a browser regex before your auth > >triggering http_access lines. > > that's what i'm hoping to do to get around this problem. have you managed > to do this? i've not experimented yet as i didn't know what adobe tells > squid what browser it is. i'm going to tcpdump eventually and see if i can > figure it out.
Yup. tcpdump -s 1500 -X port 8080 host <srcip you are testing from> that should do it for you. > >As far as the adobe tool working with plain, not when NTLM is enabled, > >that smells like a bug - RFC 2617 specifies that user agents should > >select the -best supported- auth scheme offered by the proxy - and as > >you have plain enabled, adobe should select that and use it. > > just plain works with adobe. ntlm doesn't. and ntlm first and plain second > doesn't. sad that. Uhm 'plain'? I presume you are referring to 'basic' - there is no such scheme as plain. > i'm guessing that adobe is selecting the best supported one which is ntlm > and failing because it doesn't like it. it's version 5 of pdf which isn't > the latest (6 is out). Thats the point - if it doesn't like NTLM, it shouldn't select it according to the RFC. This is grounds for a bug report to the vendor - adobe- IMO. I was giving you the description, to help you make the case to them :}. Anecdotally MSIE has(perhaps had - I haven't tested for a while) a bug that it always chooses the first offered scheme, even if it is less secure than others in the list. Rob -- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
signature.asc
Description: This is a digitally signed message part