Re: [squid-users] force basic NTLM-auth for certain clients/urls

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 12 Oct 2007 16:10:28 -0800

Markus.Rietzler@rzf.fin-nrw.de wrote:
> we are running squid 2.6stable16 with ntlm auth. we use winbind to
> support challenge response auth so that there is no user interaction or
> password dialog popup.
>
> is it possible to force basic auth - so that no ntlm-auth is used or
> tried before - for certain clients (eg acl javavm browser java) or urls?
>
> proxy-auth uses settings from auth_param but you can't define which
> auth-schema being used, right?
>

Right.

>
> markus
>

Perhaps it would be possible to use "header_access Proxy-Authenticate
deny java" and "header_replace" in a creative fashion to not tell the
java browser that NTLM is an authentication option. Given sufficient
free time, it would certainly be fun to tinker at...

http://www.squid-cache.org/Versions/v2/2.6/cfgman/header_access.html
http://www.squid-cache.org/Versions/v2/2.6/cfgman/header_replace.html

Chris
Received on Fri Oct 12 2007 - 18:10:41 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT