Why does an NTLM proxy require persistant connections?
Martijn Klingens
klingens at kde.org
Fri Dec 30 09:04:49 GMT 2005
Dawit Alemayehu said:
> On Thursday 29 December 2005 10:47, Martijn Klingens wrote:
>> And why doesn't it warn or give sensible errors when that setting is
>> off?
>
> How do you want it to do that ?!?!?!?
I don't know how kio-http can report errors/warnings/etc. back to the
calling application, so I leave that part up to you. What it at least
could do, though, is detect the the Authenticate: NTLM header and if it
sees that with persistancy turned off it could complain.
Right now even the test for Authenticate: NTLM is inside an if( persistant
), so the entire code path is bypassed (!), giving the user the proxy's
failure-to-authenticate page.
> Do about:config in firefox, filter with the word 'proxy' and see what
> the default value for proxy keepalive is... What we need to do is
> default persistent proxy connection to on and let people who use broken
> servers such as Junkbuster turn that option off since they seem to be in
> the minority now.
> When this feature was implemented the majority of proxy server common on
> unix
> platforms were still HTTP/1.0 based. That should fix this issue...
Firefox is using the defaults, which are
HTTP v.1.1, keep-alive (indeed :) ) NO pipelining, and max 4 persistant
connections per proxy.
>> Why isn't persistancy automatically turned on when NTLM is detected?
>> What does it do at all?
>
> Because it is something the person who added NTLM support overlooked or
> did not anticipate ??? IOW you found a bug
Ah, I thought this was intentional :)
Should I report to b.k.o. or is this mail enough notification for the
kio-http maintainer (IIRC that's you :P ) to pick it up?
>> As with my previous mail, I am only sitting here tomorrow and then I
>> can't test anymore.
>
> This should have been tested by whomever implemented/added support for
> this authentication scheme. Anyways, I will try to setup my Squid with
> NTLM support and test this when I get the chance...
That would be much appreciated. It will be too late for me, but I'm sure
many other users will love you for it ;-)
More information about the kfm-devel
mailing list