[squid-dev] Authentication-Info and Negotiate

Markus Moeller huaraz at moeller.plus.com
Thu Jan 29 20:40:36 UTC 2015


>On 29/01/2015 8:43 a.m., Markus wrote:
>> Hi Amos,
>>
>>   I never heard about squid Negotiate being non standard. Can you point
>> me to the reference please ?
>>
>
>The header syntax is defined in RFC 2617
>(<http://tools.ietf.org/html/rfc2617#section-3.2.3>)
>

This RFC is only for "Basic and Digest Access Authentication", isn't it? 
It defines the WWW-Authenticate: and Authorization: headers for the two 
auth schemes.

Negotiate with NTLM or Kerberos token was defined in 
http://www.ietf.org/rfc/rfc4559.txt with

        challenge       = "Negotiate" auth-data
        auth-data       = 1#( [gssapi-data] )

So the rfc does not define kv pairs.

>Julian Reschke has a new draft out for clarifying the syntax which makes
>it plainly obvious as " key=value [ ',' key=value ]* " :
><http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00>
>

http://tools.ietf.org/html/rfc7235 tries to define a standard for all 
Authentication methods but seems to ignore rfc4559 as it refers only to 
rfc2617.

The Reschke draft deals only with a new Authentication-Info header, so has 
nothing directly to do with the other rfcs.

>... by comparison Squid just dumps "Negotiate " then base64 token into
>the header like it was using WWW-/Proxy-Authenticate syntax.
>
>Amos

Regards
Markus 
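
The two value shapes discussed in this thread, a key=value list versus a scheme name followed by a base64 token, can be told apart mechanically. The following is an added example, not part of the original message and not Squid code: the token, token68 and auth-param patterns follow the RFC 7235 grammar, while the function names and sample header values are constructed for illustration.

```python
import re

# Grammar pieces from RFC 7235 / RFC 7230 (token, token68, quoted-string).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
TOKEN68 = r"[A-Za-z0-9\-._~+/]+=*"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*")
SCHEME_TOKEN68 = re.compile(rf"({TOKEN}) +({TOKEN68})")


def parse_auth_params(text):
    """Parse 'key=value [, key=value]*'; return a dict, or None if malformed."""
    params, pos = {}, 0
    while pos < len(text):
        m = AUTH_PARAM.match(text, pos)
        if not m:
            return None
        key, val = m.group(1).lower(), m.group(2)
        if val.startswith('"'):
            # Strip the quotes and undo quoted-pair escaping.
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        params[key] = val
        pos = m.end()
        if pos < len(text):
            if text[pos] != ",":
                return None
            pos += 1
    return params or None


def classify(value):
    """Classify a header value as a key=value list or 'scheme token68'."""
    value = value.strip()
    params = parse_auth_params(value)
    if params is not None:
        return ("auth-param-list", params)
    m = SCHEME_TOKEN68.fullmatch(value)
    if m:
        return ("scheme-token68", {"scheme": m.group(1), "token": m.group(2)})
    return ("malformed", {})


if __name__ == "__main__":
    # Constructed sample values; the base64 token is a placeholder, not a real GSSAPI blob.
    for sample in ('nextnonce="abc123", qop=auth, nc=00000001',
                   "Negotiate YIIZ0b2tlbg==",
                   "Negotiate"):
        print(sample, "->", classify(sample))
```

A receiver that expects only the key=value form can use the `scheme-token68` result to log or reject values written in WWW-/Proxy-Authenticate style instead of misparsing them.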



