[squid-users] proxy_auth acl causing challenge loop

From: Pim Zandbergen <P.Zandbergen@dont-contact.us>
Date: Wed, 16 Nov 2005 10:35:34 +0100

After upgrading Fedora Core 3 to Fedora Core 4, my squid setup was
upgraded from 2.5.STABLE6 to 2.5.STABLE11.

I'm using ntlm authentication using winbindd, using group membership
in Active Directory to split users into groups who have full, limited
or no access to the Internet. Because of ntlm, most users don't even
realize they are using authentication to access resources on the Internet.

Until now. Users who are denied access because of a proxy_auth ACL
now are rechallenged endlessly, allowing them to authenticate
differently, instead of just getting an access denied message based
on their current credentials.

Going through the mailing list archives, I can only find one reference
to this issue, namely someone asking for this new type of behaviour,
arguing this is the way MS ISA behaves.

Well, I really prefer the old behaviour, so I hope the behaviour is not
hardcoded, but configurable.

Is it?

Thanks,
Pim
Received on Wed Nov 16 2005 - 02:35:48 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST