Hi All,
We have a requirement to use the same Squid instance for Basic and NTLM authentication to serve various customer groups (may not be on different network sections). The customer groups which are using Basic authentication (for legacy reasons) should not receive NTLM scheme and the customer groups which use NTLM should not receive Basic scheme. I couldn't find a way to implement this using the existing Squid 4.x config options. So I am thinking of introducing a new config parameter called "endpoints" like below.
auth_param basic endpoints ipofBasic portofBasic # Default is "endpoints all"
auth_param ntlm endpoints ipofNTLM portofNTLM # Default is "endpoints all"
acl ipofBasic localip 192.168.4.2
acl portofBasic localport 3129 3139
acl ipofNTLM ipofNTLM 192.168.4.2
acl portofNTLMlocalport 3149 3159
The idea is ,if Squid recieves a request on an endpoint on which only basic authentication is needed (ie 192.168.4.2:3129 and192.168.4.2:3139), NTLM will not be presented to the client/browser. Vice versa for NTLM. If no endpoints is configured , then the existing behavior will be applied.
Do you think this is reasonable and is there are any obvious problems with this?. If you find this useful, I am happy to contribute back when I finish implementing this module (I haven't yet started developing).
Please let me know your thoughts.
Regards,
John
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users