W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: 100 Continue and Expects

From: Mark Pauley <mpauley@apple.com>
Date: Fri, 2 Apr 2010 15:23:14 -0700
Cc: Adrien de Croy <adrien@qbik.com>, ietf-http-wg@w3.org
Message-Id: <EB8337F6-25B6-47A1-899B-039C924EE80D@apple.com>
To: Jamie Lokier <jamie@shareable.org>
I'm talking about the first NTLM leg here, once we've already established that we need to authenticate, and we've decided that the authentication method will be NTLM.  As far as I can understand, unless the proxy server can break the NTLM sequence and simply forward the request when we send the initial NTLM salt, we will always expect a 4xx response from the first request sent in the NTLM sequence.


On Apr 2, 2010, at 3:20 PM, Jamie Lokier wrote:

> Mark Pauley wrote:
>> Practically however: I've seen that Microsoft proxy servers and web
>> servers that use NTLM authentication always ignore payload sent with
>> the initiation of the NTLM authentication.  In essence, the first
>> request isn't really HTTP because the client really expects the
>> server to respond only with a 4xx message.
> 
> A proxy is free to forward your request to IIS between 10am and 2pm,
> and to forward your request to Apache on a Linux box with no
> authentication after 2pm.  So it is, alas, broken in this scenario.
> But that's the nature of the NTLM beast.
> 
> -- Jamie
Received on Friday, 2 April 2010 22:23:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:17 GMT