On 21/11/2013 6:28 a.m., FredB wrote: > >> Objet: Replay Auth >> >> Hello, >> >> I'm trying to use squid with two identifications mode, first digest >> and second basic, all works without problem except one point >> >> auth_param basic credentialsttl 1 hours >> >> The proxy never claim the username and pass after 1 hour, so I found >> no way for forcing the replay with digest >> squid stop and start are also without effect (I guess that the >> browser replay automatically his credential). >> I should wait that the user close his browser ... I have an idea and TODO list entry for making that happen. But nobody has yet sponsored teh few days work that will take and my spare time has been dedicated towards other more interesting developments. > > Another question, how I can force some kind of browsers to use one particular ident method or another ? > For example Firefox, IE only with digest You can't. see RFC 2617 section 1.2: "The user agent MUST choose to use one of the challenges with the strongest auth-scheme it understands and request credentials from the user based upon that challenge." The only way to influence the browser selection from Squid is to not offer some schemes. eg an access control list per-scheme. Which is the idea mentioned above which has not been implemented. You can possibly turn off support for some schemes in the browser itself. But I've only heard of it being done to disable Digest and NTLM Amos
