Hi Amos,

thanks for your clarification and the link.

So I'll now try the following:

1) Add a working basic auth to auth_param (probably ldap_auth).
2) Modify the access list from

     http_access allow ldapgroup-access
     http_access deny all

   to

     http_access deny !ldapgroup-access
     http_access allow all

This should then trigger the authentication loop mentioned in the FAQ,
and I hope that at least the browsers in use work sanely...
I don't care about update agents (Adobe, Java, ...), they should be
disabled in this environment anyway.

Robert

On Thursday, 07.07.2011, at 00:39 +1200, Amos Jeffries wrote:
>
> That will probably die horribly. NTLM & Negotiate both hijack HTTP to
> try and authenticate the TCP-level. Once credentials are accepted a
> change in auth requires the TCP link itself to be terminated.
>
> You can cause a re-auth challenge, but Squid will still offer the same
> set of Negotiate,NTLM,Basic as available. The sane browsers should move
> on to the next available choice they have not tried (most agents are not
> that sane though).
>
> Details of how to re-auth are in the FAQ:
>
> http://wiki.squid-cache.org/Features/Authentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F
>
> Amos

-- 
Robert Velter <Robert@xxxxxxxxx>
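
Added example, not part of the original post and not Squid's own code: a simplified Python model of how the two http_access orderings in the message answer a request, assuming ldapgroup-access is an authentication-related ACL (a group lookup keyed on the login) and using constructed users alice (group member) and bob (non-member). A third rule set with `all` appended to the deny line is included for contrast.

```python
# Simplified model (an assumption, not Squid source) of 407 vs 403 selection.
AUTH_ACLS = {"ldapgroup-access"}   # assumed auth-related: group lookup by login
MEMBERS = {"alice"}                # constructed group membership

def acl_matches(name, user):
    """True/False, or None when the ACL needs credentials that are absent."""
    base = name.lstrip("!")
    if base == "all":
        result = True
    elif base in AUTH_ACLS:
        if user is None:
            return None
        result = user in MEMBERS
    else:
        raise ValueError(f"unknown ACL: {base}")
    return (not result) if name.startswith("!") else result

def evaluate(rules, user):
    """Walk http_access rules top-down; return HTTP status 200, 403 or 407."""
    for action, acls in rules:
        verdicts = []
        for acl in acls:
            verdict = acl_matches(acl, user)
            if verdict is None:
                return 407             # no credentials yet: first challenge
            verdicts.append(verdict)
            if not verdict:
                break                  # ACLs on one line are ANDed
        if not all(verdicts):
            continue
        if action == "allow":
            return 200
        # A matching deny whose last ACL is auth-related re-challenges (407)
        # instead of refusing outright (403).
        return 407 if acls[-1].lstrip("!") in AUTH_ACLS else 403
    return 403                         # model default; not reached below

ORIGINAL = [("allow", ["ldapgroup-access"]), ("deny", ["all"])]
MODIFIED = [("deny", ["!ldapgroup-access"]), ("allow", ["all"])]
WITH_ALL = [("deny", ["!ldapgroup-access", "all"]), ("allow", ["all"])]

def outcomes(rules):
    """Status for: no credentials, a group member, a non-member."""
    return {u: evaluate(rules, u) for u in (None, "alice", "bob")}

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("modified", MODIFIED), ("with all", WITH_ALL)]:
        print(name, outcomes(rules))
```

In this model only the modified ordering answers an already authenticated non-member with another 407, which is the re-auth challenge described in the quoted reply.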