Re: [squid-users] authentication switching

From: Mikio Kishi <mkishi_at_104.net>
Date: Thu, 18 Nov 2010 18:49:13 +0900

Hi, Amos

> Squid can offer both types. Configure two sets of auth_param in the
> order you would prefer them to be used.

I know that.

> auth_param ntlm program .....
> auth_param basic program .....

The above parameters return the follwoing http reply.

> HTTP/1.0 407 Proxy Authentication Required
> .....
> Proxy-Authenticate: NTLM
> Proxy-Authenticate: Basic realm="XXXXXXXXXXX"
> ....

It looks ok. But, InternetExplorer8 has never been trying Basic
authentication...
How can I let IE try Basic auth after NTLM auth failed ?

Squid version: 3.1.9

Sincerely,

--
Mikio Kishi
On Thu, Nov 18, 2010 at 6:01 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 18/11/10 18:48, Mikio Kishi wrote:
>>
>> Hi, all
>>
>> Now, I'm using NTLM authentication (auth_param ntlm ......).
>> However, we can not browse some sites (windows update or adobe's one)
>> bacause activex control is not supported NTLM authentication.
>>
>> So, I'd like to browse via "Basic auth" when "NTLM auth" is failed.
>> Is it possible to configure such an authentication switching ?
>>
>
> Squid can offer both types. Configure two sets of auth_param in the order
> you would prefer them to be used.
>
> It is completely up to the agent to pick the one it wants reply with. Some
> agents use the order offered as a hint. Others pick the strongest encryption
> they support.
>
> This is as good as it gets at present. In all Squid 2.6+.
>
> Amos
> --
> Please be using
> �Current Stable Squid 2.7.STABLE9 or 3.1.9
> �Beta testers wanted for 3.2.0.3
>
Received on Thu Nov 18 2010 - 09:49:19 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 18 2010 - 12:00:03 MST