On 21/10/20 7:53 pm, Philipp Gesang wrote: > On Tuesday, 2020-10-20 10:59:41 -0400 Alex Rousskov wrote >> On 10/20/20 10:44 AM, Philipp Gesang wrote: >>> On Tuesday, 2020-10-20 09:53:45 -0400 Alex Rousskov wrote >>>>> a while back we received a report from a customer that Windows >>>>> hosts will not fall back on conventional authentication >>>>> mechanisms if Squid advertises Negotiate. That is unfortunate as >>>>> not all systems in that customer’s network are Kerberos enabled >>>> >>>> We have added the auth_schemes directive to address this and similar >>>> problems. Unfortunately, the squid.conf renderer on the official site >>>> does not include v5+ options, but you can see raw documentation at >>>> https://github.com/squid-cache/squid/blob/710f160/src/cf.data.pre#L2139 >> >>> That looks like it’s exactly what we need. So this will be a 5.x only >>> feature? >> >> It is a v5+ feature (i.e. it is in v5 now and should be in v6, v7, etc.). > > How far away in the future do you think is an official v5 release > from now? Going by the git log it’s been in the making for quite > a while. There are a few criteria. The current stage of beta release is waiting on there being no major bugs added by Version 5: <https://bugs.squid-cache.org/buglist.cgi?bug_id_type=anyexact&bug_severity=blocker&bug_severity=critical&bug_severity=major&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&columnlist=bug_severity%2Cversion%2Cop_sys%2Cshort_desc&f1=version&list_id=7846&o1=lessthaneq&o2=equals&order=version%20DESC%2Cbug_severity%2Cbug_id&product=Squid&query_format=advanced&v1=5&v2=unspecified> The ones with Vers saying "5" are release blockers. Older ones are wishlist as far as release goes. After that we need at least half a beta release cycle with no new major bugs being found. > >> You can, of course, lobby Amos, the v4 maintainer, for making a policy >> exception and officially including (a backport of) auth_schemes into v4. >> Factory may even have a v4-based branch somewhere that we can resurrect >> as a starting point for that backporting effort. > > As a last resort, maybe. I’d rather see that effort invested in > moving ahead with v5. ;) > All assistance welcome. Since you are going to use the auth_schemes feature working on <https://bugs.squid-cache.org/show_bug.cgi?id=4832> should be a good mutual RoI. Alternatively, <https://github.com/squid-cache/squid/pull/308> is needed by Squid but original author no longer has interest in doing the polish to pass our QA process. Cheers, Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users