You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2012/10/23 00:34:14 UTC
[jira] [Commented] (TS-1491) Browser always prompts for
authentication (NTLM)
[ https://issues.apache.org/jira/browse/TS-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481878#comment-13481878 ]
Leif Hedstrom commented on TS-1491:
-----------------------------------
I must be missing something, but should it not be something like:
{code{
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index fbafa0e..0b6e92e 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4372,10 +4372,9 @@ HttpSM::do_http_server_open(bool raw)
// gets to us, we should open a new connection for POST. I believe TS used
// to do this but as far I can tell the code that prevented keep-alive if
// there is a request body has been removed.
if (raw == false && t_state.txn_conf->share_server_sessions &&
(t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) &&
- ua_session != NULL) {
+ !is_private() && ua_session != NULL) {
shared_result = httpSessionManager.acquire_session(this, // state machine
&t_state.current.server->addr.sa, // ip + port
t_state.current.server->name, // hostname
@@ -4402,7 +4401,7 @@ HttpSM::do_http_server_open(bool raw)
// This bug was due to when share_server_sessions is set to 0
// and we have keep-alive, we are trying to open a new server session
// when we already have an attached server session.
- else if ((!t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) {
+ else if ((is_private() || !t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) {
HttpServerSession *existing_ss = ua_session->get_server_session();
if (existing_ss) {
{code}
> Browser always prompts for authentication (NTLM)
> ------------------------------------------------
>
> Key: TS-1491
> URL: https://issues.apache.org/jira/browse/TS-1491
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Reporter: Yakov Kopel
> Assignee: Leif Hedstrom
> Fix For: 3.2.3
>
> Attachments: diff.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> When the client surf through the ATS to a site of SharedPoint, the user get NTLM prompt message again and again.
> This is because of the reuse option that is turned on by default (u can turn it off with the proxy.config.http.share_server_sessions option).
> My attached patch turns on the private_session flag when the ATS gets auth connection, and then it will not use the reuse option for this connection.
> ----
> For further reading on this global bug in proxies:
> http://blogs.msdn.com/b/asiatech/archive/2012/03/28/ie-always-prompts-for-authentication-when-browsing-through-proxy-server.aspx
> Microsoft recommend at (http://technet.microsoft.com/en-us/library/cc995189.aspx):
> “we recommend that you use SSL encryption for the traffic between Forefront TMG and the client. NTLM authentication is per connection, and encryption prevents improper reuse of connections by legacy proxy devices on the Internet.”
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira