On Apr 3, 2014, at 11:08 AM, Brendan Webb <webbbr@ohsu.edu> wrote:
> After upgrading from ATS 3.0.4 to 4.2.0, it appears that Authorization headers are being
stripped by ATS (or, at least, they aren't reaching the origin servers).
>
> I've dug through the documentation and mailing list archives, but can't seem to find
anything conclusive. Anyone have insight on what may have changed?
>
> In case it matters, I'm using NTLM Authentication on the origin servers.
This sounds like it might be related to origin server session sharing. I have a vague recollection
of something on the list about this with NTLM auth, but I could not find it in my archives.
IIRC, NTLM auth requires that server sessions are not shared.
J
|