Re: [squid-users] Replay Auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 21 Nov 2013 16:13:05 +1300

On 21/11/2013 6:28 a.m., FredB wrote:
>
>> Subject: [squid-users] Replay Auth
>>
>> Hello,
>>
>> I'm trying to use squid with two identifications mode, first digest
>> and second basic, all works without problem except one point
>>
>> auth_param basic credentialsttl 1 hours
>>
>> The proxy never claim the username and pass after 1 hour, so I found
>> no way for forcing the replay with digest
>> squid stop and start are also without effect (I guess that the
>> browser replay automatically his credential).
>> I should wait that the user close his browser ...

I have an idea and TODO list entry for making that happen. But nobody
has yet sponsored the few days work that will take and my spare time has
been dedicated towards other more interesting developments.

>
> Another question, how I can force some kind of browsers to use one particular ident method or another ?
> For example Firefox, IE only with digest

You can't. See RFC 2617 section 1.2:

"The user agent MUST choose to use one of the challenges with the
strongest auth-scheme it understands and request credentials from the
user based upon that challenge."

The only way to influence the browser selection from Squid is to not
offer some schemes, e.g. an access control list per-scheme. Which is the
idea mentioned above which has not been implemented.

You can possibly turn off support for some schemes in the browser
itself. But I've only heard of it being done to disable Digest and NTLM.

Amos
Received on Thu Nov 21 2013 - 03:13:20 MST
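
An added illustration of the RFC 2617 section 1.2 rule quoted in the reply above (not part of the original message and not Squid code): it parses the challenges in a 407 response and picks the scheme a compliant client would use, showing that Basic is only selected when Digest is not offered. The strength ranking, the function names and the sample header values are assumptions constructed for this example.

```python
import re

# Assumption: schemes this client understands, ranked weakest to strongest.
DEFAULT_STRENGTH = {"basic": 0, "digest": 1}

TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# Split on commas that are outside quoted strings.
_PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
_PARAM = re.compile("^(" + TOKEN + r")\s*=\s*(.*)$", re.S)
_START = re.compile("^(" + TOKEN + r")(?:\s+(.*))?$", re.S)

def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value

def parse_challenges(header_values):
    """Return [(scheme, params)] from a list of Proxy-Authenticate values."""
    challenges = []
    for value in header_values:
        current = None                      # challenge being filled in
        for piece in _PIECE.findall(value):
            piece = piece.strip()
            param = _PARAM.match(piece)
            if param and current is not None:
                current[param.group(1).lower()] = _unquote(param.group(2))
                continue
            start = _START.match(piece)     # "scheme" or "scheme key=value"
            if not start:
                continue
            current = {}
            first = _PARAM.match(start.group(2) or "")
            if first:
                current[first.group(1).lower()] = _unquote(first.group(2))
            challenges.append((start.group(1).lower(), current))
    return challenges

def select_scheme(header_values, strength=DEFAULT_STRENGTH):
    """Strongest understood scheme among those offered, or None."""
    offered = [s for s, _ in parse_challenges(header_values) if s in strength]
    return max(offered, key=strength.get) if offered else None

# Constructed sample: both schemes offered in one comma-joined header value.
BOTH = ['Digest realm="Squid proxy", nonce="dcd98b7102dd2f0e", qop="auth", '
        'Basic realm="Squid proxy"']
BASIC_ONLY = ['Basic realm="Squid proxy"']

if __name__ == "__main__":
    print(select_scheme(BOTH), select_scheme(BASIC_ONLY))
```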
