NTLM is a connection oriented three phase authentication scheme. The authentication flow goes like this:
The web client (browser) makes an HTTP request to the proxy
The proxy responds that authentication is required and that NTLM authentication is supported
The client then sends the same HTTP request with credentials identifying machine and user
The proxy responds with an NTLM challenge
The client sends the request again with the challenge response
If the challenge response is good, then the proxy serves the web page.
All three phases will be logged in the HTTP Access Log. If the browser/web client makes another request on the same TCP connection as the request on the last phase, the request will be served without authentication challenge because that TCP connection is considered to be authorized, so subsequent requests on that TCP connection will only show once in the access log. If surrogates are being used (cookie or IP) then the access log will only show the challenge once until the surrogate TTL has passed. Essentially, the user is only authenticated once every TTL interval.
Imported Document ID: 000016392
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.