When the client surf through the ATS to a site of SharedPoint, the user get NTLM prompt message again and again.
This is because of the reuse option that is turned on by default (u can turn it off with the proxy.config.http.share_server_sessions option).
My attached patch turns on the private_session flag when the ATS gets auth connection, and then it will not use the reuse option for this connection.
For further reading on this global bug in proxies:
Microsoft recommend at (http://technet.microsoft.com/en-us/library/cc995189.aspx):
“we recommend that you use SSL encryption for the traffic between Forefront TMG and the client. NTLM authentication is per connection, and encryption prevents improper reuse of connections by legacy proxy devices on the Internet.”