On 2/08/2012 8:03 p.m., Stefan Bauer wrote:
> Dear Developers & Users,
>
> I'm using squid with negotiate and basic-auth as fallback.
> negotiate is squid_kerb_auth and
> basic is squid_ldap_auth
>
> Both work fine together. I noticed that some apps respond to negotiate with
> NTLM - in this case, squid reports:
>
> 2012/08/01 10:19:14| authenticateNegotiateHandleReply: Error validating user
> via Negotiate. Error returned 'BH received type 1 NTLM token'
>
> because it cannot and should not deal with NTLM, only Kerberos. I expected
> to have an automatic fallback to basic in this case but Opera does not! Why
> is that?

You will have to ask Opera that one.

> If I force Opera to disable NTLM - it uses basic auth and everybody is happy in
> my dep.
> Can anyone please provide some deeper information about that behavior?

All Squid can do is advise the available auth mechanisms and/or that the
credentials given have failed. It's up to the client app to keep track
of what it has available and what is (or not) working.
You could try the negotiate_wrapper Markus wrote. That permits the NTLM
and Kerberos GSSAPI mechanisms to both be negotiated via Negotiate auth.
Amos
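
Added example (not part of the original thread, and not code from Squid, squid_kerb_auth or negotiate_wrapper): a sketch of how a Negotiate token can be told apart as raw NTLMSSP or GSS-API/Kerberos, which is the distinction behind the 'BH received type 1 NTLM token' error quoted above. The function names and sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10


def classify_negotiate(header_value):
    """Return (family, detail) for a Proxy-Authorization header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not blob.strip():
        return ("other", "not a Negotiate header")
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return ("invalid", "token is not valid base64")
    # Raw NTLMSSP: 8-byte signature, then a little-endian message type.
    if token.startswith(NTLMSSP_SIG):
        if len(token) < 12:
            return ("invalid", "truncated NTLMSSP message")
        (msg_type,) = struct.unpack_from("<I", token, 8)
        return ("ntlm", f"type {msg_type} NTLM token")
    # GSS-API framing: 0x60, DER length, then the mechanism OID.
    if len(token) > 2 and token[0] == 0x60:
        skip = 2 + (token[1] & 0x7F if token[1] & 0x80 else 0)
        body = token[skip:]
        if body.startswith(OID_KRB5):
            return ("kerberos", "GSS-API Kerberos 5 token")
        if body.startswith(OID_SPNEGO):
            # Heuristic: search for offered mechanism OIDs, not a full DER parse.
            if OID_KRB5 in body:
                return ("kerberos", "SPNEGO offering Kerberos 5")
            if OID_NTLMSSP in body:
                return ("ntlm", "SPNEGO offering only NTLMSSP")
    return ("invalid", "unrecognised token format")


def header(token):
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# Constructed sample tokens (shortened, not captured traffic).
NTLM_TYPE1 = NTLMSSP_SIG + struct.pack("<II", 1, 0x0000B207)
KRB5_GSS = b"\x60\x82\x05\x00" + OID_KRB5 + b"\x01\x00" + b"\x00" * 8
SPNEGO_NTLM = b"\x60\x1c" + OID_SPNEGO + b"\xa0\x12\x30\x10\xa0\x0e\x30\x0c" + OID_NTLMSSP
if __name__ == "__main__":
    print([classify_negotiate(header(t)) for t in (NTLM_TYPE1, KRB5_GSS, SPNEGO_NTLM)])
```

A Kerberos-only helper can accept only the "kerberos" family; a token in the "ntlm" family needs an NTLM helper behind the same Negotiate scheme, or the client has to choose another offered scheme itself.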