Hi I'm searching a way to authenticate IE6-clients with ntlm based on group-membership and all other clients (IE7, IE8) with kerberos (also group-membership-based). I'm able to authenticate with kerberos AND group-membership (squid_kerb_ldap), but the IE6-clients will then prompt for the squid_kerb_ldap-authentication. If I leave the squid_kerb_ldap-helper away, then all users are able to authenticate without checking the group-membership. How can I achieve to have a proper single-sign-on kerberos-authentication (with squid_kerb_ldap) and a fallback-ntlm-authentication for the IE6-browser (also with checking group-membership) without prompting for username/password? Thank you. Regards Tom
