Re: [squid-users] Using multiple auth scheme types in one squid instance?

From: Amos Jeffries <squid3@dont-contact.us>
Date: Mon, 17 Mar 2008 23:25:33 +1300

Adrian wrote:
> Hi,
>
> Im interested in using basic authentication for some
> client IPs and NTLM for others.
>
> I'm wondering if it's possible to set this up from
> within squid using ACLs so that some are prompted
> for username/password and others are forced to use
> the NTLM fakeauth.
>
> I have two separate lists of IPs and I wish to force the
> clients in the lists through two different auth types.
> I imagine the only alternative is to setup TCP forwarding
> to separate squid instances running on the same box
> based on the source IP but that seems a bit messy.
>
> If someone knows how to do it i'd appreciate a tip.

Squid does not differentiate the types of auth a user has done.
It tries all methods its configured with (in the order configured) until
one succeeds. The common way to do this appears to be to use the
least-accepting method first and failover to the most-accepting. Or
vice-versa depending on the situation.

None of the methods will cause popup unless the users browser has no
record of credentials. Then the browser will be the one asking
regardless of the methods you use.

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Mon Mar 17 2008 - 04:24:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT