hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Proxy Authentication in 3.0 rc2
Date Wed, 29 Jun 2005 17:17:24 GMT
On Wed, Jun 29, 2005 at 09:53:07AM -0700, David Parks wrote:
> Hi all,
> I am trying to authenticate to a server via a proxy which also requires authentication.
It seems that I can get either the proxy authentication to work OR the site authentication
to work, but not both.
> 
> Both seem to work independently when I set the credentials (or proxy credentials) using
NTCredentials (e.g. if I connect to the site from a network not using a proxy I can get it
to work, and I can authenticate to the proxy only to get a 401 authentication failed from
the server when using the proxy).
> 
> I read in the Authentication tutorial that you can't authenticate using NTLM to both
the proxy and site, so I'm trying various combinations of authentication, but I can't find
any documentation that specifically covers this case and I feel like I'm just taking stabs
in the dark right now.

David,

You _really_ can't use NTLM to authenticate with the proxy and the
target host at the same, due to the nature of this authentication
scheme. Really. That was not a joke.

Please consider using one of the following combinations instead:

(1) BASIC proxy + NTLM host if both the clent and the proxy are within a
trusted network segment

(2) NTLM proxy + SSL + BASIC host

Both combinations should provide an adequate (or better in the latter case)
security

Hope this helps

Oleg

> 
> If anyone can point me in the direction of the light at the end of the tunnel I'd really
appreciate it.
> 
> Thanks,
> David
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message