Does the ProxySG cache NTLM credentials?
search cancel

Does the ProxySG cache NTLM credentials?


Article ID: 165692


Updated On:


ProxySG Software - SGOS


No, the ProxySG does not cache NTLM credentials; they are encrypted.  Instead, the ProxySG maintains two types of credential caches:

  • Server-side credential cache—The credential cache is only for BASIC authentication. If NTLM falls back to BASIC authentication, the credentials are stored here.
  • Client-side credential cache—This credential cache stores "surrogate credentials" for all authentication types except BASIC. Surrogate credentials are credentials that are accepted in place of the user’s real credentials. After a user is successfully authenticated, the ProxySG stores a surrogate credential, which can be an IP address or a cookie. The next time the same user makes a request, the ProxySG will use the surrogate credential rather than challenging the user again.