[jcifs] NTLM HTTP authentication & proxy notes
marko.asplund at kronodoc.fi
Fri Nov 28 17:24:10 EST 2003
i've been integrating a jCIFS based NTLM HTTP authentication solution to
an existing web application and i thought i'd share some of the
experiences with the list. our problems were mainly related to HTTP
persistent connections and proxies.
Proxies were a cause of major headache in our project. NTLM HTTP
authentication won't work without HTTP Keep-Alive's and some proxies
don't properly respect Keep-Alive requests. we've deployed the
application in an environment with the following network configuration:
browser <==> TLS terminator hardware <==> HTTP reverse proxy <==> HTTP
reverse proxy <==> web application
at one point we were using Apache mod_ssl for doing TLS termination.
Apache v1.3 mod_ssl default configuration contains the following lines:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
here we had to remove 'nokeepalive' and 'downgrade-1.0' parameters in
order to make Keep-Alive's work.
another issue was that an Apache mod_proxy based HTTP-HTTP reverse proxy
failed to do Keep-Alive. this turned out to be a bug in an ancient
mod_proxy version 1.3.19, upgrading to 1.3.28 fixed this problem.
hope this helps some of you,
More information about the jcifs