[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openconnect-devel
Subject:    Proxy Authentication
From:       dwmw2 () infradead ! org (David Woodhouse)
Date:       2013-09-04 10:28:56
Message-ID: 1378290536.16328.97.camel () shinybook ! infradead ! org
[Download RAW message or body]

On Wed, 2013-09-04 at 09:46 +0000, Duft Markus wrote:
> 
> Now for my question: i'm behind a NTLM proxy requiring authentication,
> and this does not seem to work with openconnect. Is there any
> information about that (google didn't come up with something useful),
> or plans to implement this? 

http://squid.sourceforge.net/ntlm/client_proxy_protocol.html

Patches welcome.

First make openconnect parse the username and password fields from the
URL properly, so it doesn't think they're part of the server hostname.

Then make it detect the Proxy-Authenticate: response from the proxy and
do the right thing (giving an error message if we has no login details
or it is a method other than 'NTLM', and attempting to connect again
with an appropriate Proxy-Authorization: header if it does.)

Where I say "an appropriate Proxy-Authorization: header" above, I can
give you a function that will *create* the base64 content of that header
for you; don't worry about that bit. Get the groundwork done, and I can
do that bit easily enough.


-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130904/f003e5d2/attachment.bin>



[prev in list] [next in list] [prev in thread] [next in thread]