On Apr 18, 2016, 6:25 PM -0700, Maxim Dounin <[email protected]>, wrote:
> Hello!
>
> On Mon, Apr 18, 2016 at 02:28:19PM -0700, Payam Chychi wrote:
>
> > > Maxim Dounin:
> > >
> > > > Just a side note: NTLM auth is broken by design and violates HTTP
> > > > basic rules. Avoid using it if you can.
> > >
> > > to be clear: I don't care if it's named NTLM or ugly_voodoo
> > >
> > > The goal is an nginx accessed by an IE/Edge browser. Users should not be
> > > bothered with authentication
> > > as they are already logged on into the Windows account.
> > >
> > > possible?
> > >
> >
> > I'm not sure what you do not understand from the reply, NTLM auth is broken.
> > This is not about "let's call it Voodoo_melt" and make it work, Windows
> > utilizes NTLM, so... what you are trying to use will not work. why? because
> > NGINX NTLM does not work.
>
> No, you didn't get it. NTLM http auth itself, as "defined" by
> RFC 4559, is broken by design, and it has nothing to do with nginx.
> In anything more complex than "a server and directly connected
> clients" it's expected to require various NTLM-specific hacks,
> quirks, and so on. Because NTLM tries to authenticate connections
> instead of requests, thus breaking basic HTTP principles.
>
> The above, actually, is explicitly said in RFC 4559 Errata, see
> https://www.rfc-editor.org/errata_search.php?rfc=4559.
>
> And that's why I don't recommend using it if possible. Regardless
> of support in particular software.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> [email protected]
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> Hi Maxim,
>
> Broken or not, it's what MS supports and it's not going anywhere just yet.
>
> If he/his application needs ntlm, mainly because of MS-based solutions and
> first hand I can say that nginx module vs. squid comes up very short.
>
> So in short... If you 'need' ntlm and want a fully working ntlm auth then
> proxy/redir to a squid box, or wrap it in a tcp proxy; lot of ways to make
> something work if you 'must'
>
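Added example, not part of the thread and not nginx or squid code: a toy Python model of the point raised above that authentication bound to a connection rather than to each request breaks once an intermediary shares upstream connections. It contains no real NTLM; the `Backend`, `PoolingProxy` and `PinningProxy` classes and the sample requests are constructed for illustration.

```python
# Toy model (constructed, no real NTLM): the backend remembers the user per
# upstream connection, which is how connection-oriented HTTP auth behaves.
class Backend:
    def __init__(self):
        self.conn_user = {}  # upstream connection id -> authenticated user

    def handle(self, conn_id, request):
        # "auth" stands in for a completed handshake on this connection.
        if request.get("auth"):
            self.conn_user[conn_id] = request["auth"]
        user = self.conn_user.get(conn_id)
        if user is None:
            return (401, None)   # connection never authenticated
        return (200, user)       # identity comes from the connection, not the request


class PoolingProxy:
    """Sends every client's requests over one shared keepalive upstream connection."""
    def __init__(self, backend):
        self.backend = backend

    def forward(self, client_conn, request):
        return self.backend.handle("upstream-0", request)


class PinningProxy:
    """Binds each client connection to its own upstream connection."""
    def __init__(self, backend):
        self.backend = backend

    def forward(self, client_conn, request):
        return self.backend.handle("upstream-for-" + client_conn, request)


def run(proxy_cls):
    """Alice authenticates, then Bob sends a request with no credentials."""
    proxy = proxy_cls(Backend())
    return [
        proxy.forward("alice-conn", {"path": "/", "auth": "alice"}),
        proxy.forward("bob-conn", {"path": "/"}),
    ]


if __name__ == "__main__":
    print("shared upstream :", run(PoolingProxy))
    print("pinned upstream :", run(PinningProxy))
```

With the shared upstream connection, the second client's request is served under the first client's identity; pinning one upstream connection per client connection is the kind of protocol-specific handling the thread refers to.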
