Return-Path: 
 <users-return-3951-apmail-trafficserver-users-archive=trafficserver.apache.org@trafficserver.apache.org>
X-Original-To: apmail-trafficserver-users-archive@www.apache.org
Delivered-To: apmail-trafficserver-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 119ED110FF
	for <apmail-trafficserver-users-archive@www.apache.org>;
 Thu,  3 Apr 2014 19:50:25 +0000 (UTC)
Received: (qmail 14222 invoked by uid 500); 3 Apr 2014 19:50:23 -0000
Delivered-To: apmail-trafficserver-users-archive@trafficserver.apache.org
Received: (qmail 13767 invoked by uid 500); 3 Apr 2014 19:50:22 -0000
Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@trafficserver.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@trafficserver.apache.org>
List-Post: <mailto:users@trafficserver.apache.org>
List-Id: <users.trafficserver.apache.org>
Reply-To: users@trafficserver.apache.org
Delivered-To: mailing list users@trafficserver.apache.org
Received: (qmail 13754 invoked by uid 99); 3 Apr 2014 19:50:21 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Apr 2014 19:50:21 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy includes SPF record at
 spf.trusted-forwarder.org)
Received: from [17.151.62.49] (HELO mail-out.apple.com) (17.151.62.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Apr 2014 19:50:15 +0000
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from relay8.apple.com ([17.128.113.102])
 by mail-out.apple.com (Oracle Communications Messaging Server 7.0.5.30.0
 64bit
 (built Oct 22 2013)) with ESMTP id <0N3H00KZR0ERUKH1@mail-out.apple.com> for
 users@trafficserver.apache.org; Thu, 03 Apr 2014 12:49:52 -0700 (PDT)
X-AuditID: 11807166-f79c26d000001623-f4-533dbb5fae25
Received: from fenugreek.apple.com (fenugreek.apple.com [17.128.115.97])
	(using TLS with cipher RC4-MD5 (128/128 bits))
	(Client did not present a certificate)	by relay8.apple.com (Apple SCV relay)
 with SMTP id 6C.EC.05667.F5BBD335; Thu,  3 Apr 2014 12:49:52 -0700 (PDT)
Received: from [17.149.233.249] (unknown [17.149.233.249])
 by fenugreek.apple.com
 (Oracle Communications Messaging Server 7u4-24.01(7.0.4.24.0) 64bit (built
 Nov
 17 2011)) with ESMTPSA id <0N3H00EWL0F3TM30@fenugreek.apple.com> for
 users@trafficserver.apache.org; Thu, 03 Apr 2014 12:49:51 -0700 (PDT)
Subject: Re: Authorization headers stripped in 4.x?
From: James Peach <jpeach@apache.org>
In-reply-to: <CF62F1B6.65A62%webbbr@ohsu.edu>
Date: Thu, 03 Apr 2014 12:49:53 -0700
Message-id: <001B591E-B45D-40F7-86D3-0153FD4E63C8@apache.org>
References: <CF62F1B6.65A62%webbbr@ohsu.edu>
To: users@trafficserver.apache.org
X-Mailer: Apple Mail (2.1874)
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFprJLMWRmVeSWpSXmKPExsUi2FCcqJuw2zbY4I+wxfpNB9kcGD2eb/3H
	FsAYxWWTkpqTWZZapG+XwJXxqXcqW8Ef1ooDf5cwNTA+ZOli5OSQEDCR+H95LyOELSZx4d56
	ti5GLg4hgclMEptOr2KEcDYzSbw/vYcdpIpZQEti/c7jTCA2r4CexJmzv8DiwgLGEiv2fAKz
	2QRUJXbvOwI2lVNAV+LNs51sIDYLULyh6TDUHG2JJ+8usELMsZWYvX8b2EwhAR2JhceXg9WI
	CChJfNm4nR3iOlmJRx+aWCYw8s9CcsYsJGfMQjJ2ASPzKkaBotScxEoLvcSCgpxUveT83E2M
	4AArTNvB2LTc6hCjAAejEg8vR7ptsBBrYllxZe4hRgkOZiUR3tY2oBBvSmJlVWpRfnxRaU5q
	8SFGaQ4WJXHerVpWwUIC6YklqdmpqQWpRTBZJg5OqQZGKyH2p9uXnPq58uC0UxMmTuNgFbrB
	E3HsM8uahzksATNloo27Ey6nJ8gUdB0tuew+O/jzL/YTf1Z9+xClf3rVuc8OufeE5c5+vyg6
	7dKZBuHJJ9bPlPD/rX5XrunDDX/uJbr1imkKqS9+L52kIzPzUVVl1C8Bk4ZDHbEnQ18tWSUX
	kNiY8WXRJCWW4oxEQy3mouJEAKfhDTksAgAA
X-Virus-Checked: Checked by ClamAV on apache.org

On Apr 3, 2014, at 11:08 AM, Brendan Webb <webbbr@ohsu.edu> wrote:

> After upgrading from ATS 3.0.4 to 4.2.0, it appears that Authorization headers are being stripped by ATS (or, at least, they aren't reaching the origin servers).
> 
> I've dug through the documentation and mailing list archives, but can't seem to find anything conclusive. Anyone have insight on what may have changed?
> 
> In case it matters, I'm using NTLM Authentication on the origin servers.

This sounds like it might be related to origin server session sharing. I have a vague recollection of something on the list about this with NTLM auth, but I could not find it in my archives. IIRC, NTLM auth requires that server sessions are not shared.

J