0

From what I understand proxies use a similar challenge/response system for authentication as HTTP does, except with a 407 response code where HTTP returns a 401 response code.

However if a client is configured to use a proxy and the authentication is setup correctly, does it need* to do the challenge/response actions? Can it not just send the hash in the first request to the proxy and be authenticated?

*Need refers to needing to correct in terms of the RFC spec (which I am not sure which one covers proxy)
mpromonet
  • 134
  • 1
  • 12
Robert MacLean
  • 2,186
  • 6
  • 28
  • 45

1 Answers1

1

For Digest authentication, I don't think this is possible.

As per RFC 2617, the Digest authentication is based on a challenge/response base on a nonce value sent by the server. As the server tracks the nonce and cnonce values, client has to receive a nonce value before authenticating.

Laurent Etiemble
  • 246
  • 2
  • 7