On Mon, Mar 17, 2008 at 9:25 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:
> Squid does not differentiate the types of auth a user has done.
> It tries all methods its configured with (in the order configured) until
> one succeeds. The common way to do this appears to be to use the
> least-accepting method first and failover to the most-accepting. Or
> vice-versa depending on the situation.
I want to put 'trusted' users through NTLM fakeauth so I can capture
their usernames without bothering them with a popup auth box. For the
'untrusted' user subnets, I want to give them a popup box and make
them authenticate.
Since fakeauth will always pass, I can't just configure the schemes in
succession. I was thinking of writing my own fakeauth code which
rejected anything in my 'untrusted' IP list forcing it to the next auth
scheme, but I don't think the IP address is passed to authenticate
scheme by squid to check against?
Any other ideas?
Thanks,
Adrian.
Received on Mon Mar 17 2008 - 06:03:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT