httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject PR 39673 revealed a problem with NTLM and mod_proxy
Date Tue, 30 May 2006 20:30:47 GMT
PR 39673 revealed a problem with NTLM and mod_proxy_http.
Actually NTLM does not work any longer with proxied backends doing NTLM authentication.

As far as I understand NTLM the current 2.2.x proxy implementation does NOT support
it, because there is no guarantee that the same backend connection is used for
the next request on a keepalive frontend connection. Each request from a
frontend connection leases a backend connection from a connection pool for the
request and returns it back to the pool immediately after the request has been
processed. When the next request on this keepalive frontend connection is
processed it may lease a different backend connection from the pool.

This raises two questions for me:

1. The current approach of leasing connections from the pool on request base means,
   that a keepalive  frontend connection may use a different backend connection for
   each request and that a keepalive backend connection may be used by different frontend
   connections. Does this approach violate any RFC's we claim to implement / support?

2. If the answer to 1. is no, the question that remains is: Do we claim / want to support
   NTLM on proxied backends. As far as I understand there is no official spec for NTLM, correct?



View raw message