Hi, Amos > Squid can offer both types. Configure two sets of auth_param in the > order you would prefer them to be used. I know that. > auth_param ntlm program ..... > auth_param basic program ..... The above parameters return the follwoing http reply. > HTTP/1.0 407 Proxy Authentication Required > ..... > Proxy-Authenticate: NTLM > Proxy-Authenticate: Basic realm="XXXXXXXXXXX" > .... It looks ok. But, InternetExplorer8 has never been trying Basic authentication... How can I let IE try Basic auth after NTLM auth failed ? Squid version: 3.1.9 Sincerely, -- Mikio Kishi On Thu, Nov 18, 2010 at 6:01 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 18/11/10 18:48, Mikio Kishi wrote: >> >> Hi, all >> >> Now, I'm using NTLM authentication (auth_param ntlm ......). >> However, we can not browse some sites (windows update or adobe's one) >> bacause activex control is not supported NTLM authentication. >> >> So, I'd like to browse via "Basic auth" when "NTLM auth" is failed. >> Is it possible to configure such an authentication switching ? >> > > Squid can offer both types. Configure two sets of auth_param in the order > you would prefer them to be used. > > It is completely up to the agent to pick the one it wants reply with. Some > agents use the order offered as a hint. Others pick the strongest encryption > they support. > > This is as good as it gets at present. In all Squid 2.6+. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.9 > Beta testers wanted for 3.2.0.3 >