Adrian wrote:
Hi,
Im interested in using basic authentication for some
client IPs and NTLM for others.
I'm wondering if it's possible to set this up from
within squid using ACLs so that some are prompted
for username/password and others are forced to use
the NTLM fakeauth.
I have two separate lists of IPs and I wish to force the
clients in the lists through two different auth types.
I imagine the only alternative is to setup TCP forwarding
to separate squid instances running on the same box
based on the source IP but that seems a bit messy.
If someone knows how to do it i'd appreciate a tip.
Squid does not differentiate the types of auth a user has done.
It tries all methods its configured with (in the order configured) until
one succeeds. The common way to do this appears to be to use the
least-accepting method first and failover to the most-accepting. Or
vice-versa depending on the situation.
None of the methods will cause popup unless the users browser has no
record of credentials. Then the browser will be the one asking
regardless of the methods you use.
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
