On Mon, Mar 17, 2008 at 9:25 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Squid does not differentiate the types of auth a user has done. > It tries all methods its configured with (in the order configured) until > one succeeds. The common way to do this appears to be to use the > least-accepting method first and failover to the most-accepting. Or > vice-versa depending on the situation. I want to put 'trusted' users through NTLM fakeauth so I can capture their usernames without bothering them with a popup auth box. For the 'untrusted' user subnets, I want to give them a popup box and make them authenticate. Since fakeauth will always pass, I can't just configure the schemes in succession. I was thinking of writing my own fakeauth code which rejected anything in my 'untrusted' IP list forcing it to the next auth scheme, but I don't think the IP address is passed to authenticate scheme by squid to check against? Any other ideas? Thanks, Adrian.
