Hi all,
i have a (nice?) squid authentication/authorization challenge.
I already have a working authentication configuration using negiotiate
with squid_kerb_auth and ntlm using ntlm_auth. Authorization is done
using an external_acl_type with squid_ldap_group.
Now i want that users can authenticate/authorize using basic auth when
the squid_ldap_group check fails. Resulting in the following logic:
grant access if ((logged in windowsuser is in group internet) or
(given credentials authenticate for group internet))
As far as i understand i cant solve this with auth_param modifications
because the external_acl ldap_group already gets a validated username
from kerberos/ntlm (all clients are microsoft windows). I think i need
an additional external_acl helper with integrated basic auth. Right?
Is there any external_acl helper out there with the needed
functionality?
Regards, Robert
--
Robert Velter <Robert@xxxxxxxxx>
