[squid-users] Multiple auth schemes in a single Squid instance

john jacob john.kj1984 at gmail.com
Wed Oct 5 11:07:04 UTC 2016


Hi All,

We have a requirement to use the same Squid instance for Basic and NTLM
authentication to serve various customer groups (may not be on different
network sections). The customer groups which are using Basic authentication
(for legacy reasons) should not receive NTLM scheme and the customer groups
which use NTLM should not receive Basic scheme. I couldn't find a way to
implement this using the existing Squid 4.x config options. So I am
thinking of introducing a new config parameter called "endpoints" like
below.

auth_param basic endpoints ipofBasic portofBasic # Default is "endpoints
all"

auth_param ntlm endpoints ipofNTLM portofNTLM # Default is "endpoints all"

acl ipofBasic  localip 192.168.4.2
acl portofBasic localport 3129 3139

acl ipofNTLM ipofNTLM  192.168.4.2
acl portofNTLMlocalport 3149 3159


The idea is ,if Squid recieves a request on an endpoint on which only basic
authentication is needed (ie 192.168.4.2:3129 and 192.168.4.2:3139), NTLM
will not be presented to the client/browser. Vice versa for NTLM. If no
endpoints is configured , then the existing behavior will be applied.

Do you think this is reasonable and is there are any obvious problems with
this?. If you find this useful, I am happy to contribute back when I finish
implementing this module (I haven't yet started developing).

Please let me know your thoughts.

Regards,
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161005/a1a002e2/attachment.html>


More information about the squid-users mailing list