http://www.oster-lundqvist.com/karsten/blog/index.php?entry=/2006-11-06.txt

At the University of Reading we have a very effective proxy, which usually is a very nice a secure thing. But when you try to connect to the outer world from non-browser applications it all falls apart. Most applications follow the NTLM HTTP protocol for proxy authentication, but not the NTLM HTTP proxy protocol for proxy authentication (note the extra "proxy" between NTLM and authentication!) This is probably due to the fact that it is only descriped in 3 lines of appendix B of the NTLM documentation whereas standard HTTP protocol are given many lines.

This is for instance the reason that Ubuntu and Fedora won't update automatically from inside the University, even when using ntlmaps which according to Ubuntu should do the trick, but Ntlmaps doesn't support NTLM HTTP Proxy authentication!

I realised this while I had to get rss-feeds into a "learning landscape" we are organising for our first year students called RedGloo. In Ethereal I could see that the wrong protocol was followed. So I had to rewrite the php script used and it now succesfully gets the feeds through the proxy.

This will probably lead to a "home" project to make a NTLM HTTP Proxy protocol complient gateway, so that I can use Ubuntu inside the firewall. We'll see what time will allow…