Firewalls: Re: user authentication, http, & snews

Firewalls
(March 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: user authentication, http, & snews
From:	oconnor @ reston . ans . net
Date:	Fri, 22 Mar 1996 10:19:58 -0500
To:	sgcccdc @ citec . qld . gov . au
Cc:	firewalls @ greatcircle . com

Colin,
	Yes the browser sends the proxy authentication info to the ANS
InterLock proxy on every connection.  It is passed in the MIME header
like the normal authentication info but with a different name 
"Proxy-Authorization" vice "Authorization".  That line is consumed at
the proxy and the rest of the message gets passed to the destination if
proxy authentication information is valid and all other conditions are
met.  The normal authentication information gets passed along so the user
can access pages that also require authentication.
	The "challenge" consists of sending the error code 407 instead of
401 to the client if the authentication information is required but absent.
	This mechanism wandered in and out of the various HTTP 1.0 drafts
but was included in the last HTTP 1.1 draft I looked at.  To the best of
my knowledge, Netscape is the only client that supports it currently
although I occasionally get calls from client vendors asking about it.

		Mike

Indexed By Date	Previous:	Re: user authentication, http, & snews From: "Donald B. Lehman" <fwml @ banditos . webo . dg . com>
Indexed By Date	Next:	Re: Your message re: Dos based Firewalls From: mdr @ vodka . sse . att . com
Indexed By Thread	Previous:	Re: user authentication, http, & snews From: "Donald B. Lehman" <fwml @ banditos . webo . dg . com>
Indexed By Thread	Next:	[no subject] From: Euterpe835 @ aol . com