Re: NTLM authentication

From: Willy Tarreau <w#1wt.eu>
Date: Wed, 14 Jan 2009 16:56:35 +0100


On Wed, Jan 14, 2009 at 08:45:18AM -0500, Guillaume Bourque wrote:
> Hi,
>
> If my memory is corrected in Microsft documentation NTLM can't be proxy
> unless you configure NTLM in a very specific way. Even Microsoft proxy
> did not support NTLM.

I believe it can be proxied (by a reverse-proxy at least) but it absolutely requires keep-alive because it relies on a 3-way challenge inside the same session. It sometimes causes trouble through some proxies because there is no way to force the connection to stay alive, especially under strong memory constraints on the proxies.

Maybe for your application you can simply disable "option httpclose", but keep in mind that you'll not be able to log nor to perform content switching or filtering then.

Regards,
Willy Received on 2009/01/14 16:56

This archive was generated by hypermail 2.2.0 : 2009/01/14 17:00 CET