Re: [squid-users] authentication mechanism selected based on ip-address

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 13 Feb 2009 23:00:46 +1300

Joseph Spadavecchia wrote:
> Hi all,
>
> We have a requirement to use different authentication mechanisms based
> on the subnet/ip-address of the client.
>
> For example, a client from one subnet would authenticate against ntlm
> while a client from another subnet would authenticate against an LDAP
> server.
>
> AFAIK, this is normally done by running multiple instances of squid; but
> we have the requirement to do it with a single instance. One way of
> achieving this would be to modify squid to pass the client's ip-address
> along with the authentication information. However, I'd like to do it
> cleanly without modifying squid.
>
> Can anyone offer suggestions for doing this cleanly, without
> modifications to squid.
>
> Thanks in advance.
> Joseph

External ACL taking client IP and Proxy-authentication header contents.
Then doing whatever you like and returning "OK user=XX\n" or "ERR\n"

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.5
Received on Fri Feb 13 2009 - 10:00:40 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 23 2009 - 12:00:01 MST