On 16/04/2013 8:09 p.m., Alan wrote:
Is there any way to construct an ACL that checks the authentication mechanism used (eg: radius/kerberos)?
No. But ...
I want to allow radius authentication only for FTP users, since there is no FTP client (that I know of) that works with Scalquid using kerberos authentication, but I want to enable it only for FTP and not HTTP. Or even better, anybody knows of a graphical FTP client that can authenticate to Squid using kerberos?
... I have a plan on how to add it if you are interested in sponsoring the feature development.
Alternatively if you are able to offer RADIUS with Basic auth scheme, why no offer it to all clients? they are supposed to select the most secure scheme they can support and most do (modulo a few bugs in old IE and recent Firefox)
Amos
