[squid-dev] Authentication-Info and Negotiate
Markus Moeller
huaraz at moeller.plus.com
Thu Jan 29 20:40:36 UTC 2015
>On 29/01/2015 8:43 a.m., Markus wrote:
>> Hi Amos,
>>
>> I never heard about squid Negotiate being non standard. Can you point
>> me to the reference please ?
>>
>
>The header syntax is defined in RFC 2617
>(<http://tools.ietf.org/html/rfc2617#section-3.2.3>)
>
This RFC is only for "Basic and Digest Access Authentication" isn't it?
It defines
the WWW-Authenticate: and Authorization: headers for the two auth schemes.
Negotiate with NTLM or Kerberos token was defined in
http://www.ietf.org/rfc/rfc4559.txt with
challenge = "Negotiate" auth-data
auth-data = 1#( [gssapi-data] )
So the rfc does not define kv pairs.
>Julian Reschke has a new draft out for clarifying the syntax which makes
>it plainy obvious as " key=value [ ',' key=value ]* " :
><http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00>
>
http://tools.ietf.org/html/rfc7235 tries to define a standard for all
Authentication methods but seems to ignore rfc4559 as it refers only to
rfc2617.
The Reschke draft deals only with a new Authentication-Info header, so has
nothing directly to do with the other rfcs.
>... by comparison Squid just dumps "Negotiate " then base64 token into
>the header like it was using WWW-/Proxy-Authenticate syntax.
>
>Amos
Regards
Markus
More information about the squid-dev
mailing list