[squid-users] Suppressing authentication schemes

Alex Rousskov rousskov at measurement-factory.com
Tue Oct 20 14:59:41 UTC 2020


On 10/20/20 10:44 AM, Philipp Gesang wrote:
> On Tuesday, 2020-10-20 09:53:45 -0400 Alex Rousskov wrote 
>>> a while back we received a report from a customer that Windows
>>> hosts will not fall back on conventional authentication
>>> mechanisms if Squid advertises Negotiate. That is unfortunate as
>>> not all systems in that customer’s network are Kerberos enabled
>>
>> We have added the auth_schemes directive to address this and similar
>> problems. Unfortunately, the squid.conf renderer on the official site
>> does not include v5+ options, but you can see raw documentation at
>> https://github.com/squid-cache/squid/blob/710f160/src/cf.data.pre#L2139

> That looks like it’s exactly what we need. So this will be a 5.x only
> feature?

It is a v5+ feature (i.e. it is in v5 now and should be in v6, v7, etc.).

You can, of course, lobby Amos, the v4 maintainer, for making a policy
exception and officially including (a backport of) auth_schemes into v4.
Factory may even have a v4-based branch somewhere that we can resurrect
as a starting point for that backporting effort.


Cheers,

Alex.
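
The directive discussed in this thread, shown as an added squid.conf example that is not part of the original message or the Squid project's own documentation: it offers only Basic to clients that are not Kerberos enabled and leaves the default scheme list for everyone else. The helper paths, the realm, the ACL name `no_kerberos` and the 192.0.2.0/24 range are assumptions made for illustration; it requires Squid v5 or later.

```conf
# Added example, not from the original thread. Helper paths, realm and the
# 192.0.2.0/24 subnet are assumptions; adjust to the local installation.

# Schemes Squid can offer, in default order (Negotiate first).
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth
auth_param negotiate children 10
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy

# Clients that are not Kerberos enabled (constructed address range).
acl no_kerberos src 192.0.2.0/24

# The first matching auth_schemes rule wins: these clients are offered
# Basic only, so Negotiate is never advertised to them.
# Basic credentials are only base64-encoded on the wire, so keep this
# rule as narrow as the non-Kerberos population allows.
auth_schemes basic no_kerberos

# Everyone else gets all auth_param schemes in configuration order.
auth_schemes ALL all

# auth_schemes only shapes the challenge that Squid sends; the access
# rules below still decide when authentication is required.
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
```

Running `squid -k parse` against the edited file reports syntax errors before the configuration is reloaded.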

