httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devi Krishna" <devkrish.webeng...@gmail.com>
Subject Re: Regarding NTLM for mod_proxy
Date Fri, 23 Feb 2007 21:58:53 GMT
Hi William

Thanks for the quick response. I guess you meant "Apache cannot route
requess from multiple clients to same proxy...." .

Would this mean that providing this support in apache proxy would not be
trivial work ?  Or is it just the fact that this is not safe and hence this
support is not provided ?

In our scenario we need this kind of support, so was planning to fix this.

Kindly advice on how much do you think would be the work load. I am just
getting familiar with the mod_proxy code

Thanks & Regards
Devi

On 2/23/07, William A. Rowe, Jr. <wrowe@rowe-clan.net> wrote:
>
> Devi Krishna wrote:
> >
> >  I am trying to get mod_proxy_http to work in pass through mode for NTLM
> > authentication. I see that in apache proxy we dont keep the backend
> > connection persistant. This causes NTLM to fail because on receiving
> > type2 message from client, the proxy forwards this to the Origin Server
> > using a new connection. This causes the NTLM authentication to fail
>
> Turn off keepalives.  Because Apache can now route requests from multiple
> clients to the same proxy connection, the combination is lethal.
>
> NTLM/SSPI is connection-oriented, in violation of HTTP, rendering it
> either unproxy-able or at least unsafe to retain/share connections.
>

Mime
View raw message