[squid-users] Suppressing authentication schemes
Philipp Gesang
philipp.gesang at intra2net.com
Wed Oct 21 06:53:06 UTC 2020
On Tuesday, 2020-10-20 10:59:41 -0400 Alex Rousskov <rousskov at measurement-factory.com> wrote
> On 10/20/20 10:44 AM, Philipp Gesang wrote:
> > On Tuesday, 2020-10-20 09:53:45 -0400 Alex Rousskov wrote
> >>> a while back we received a report from a customer that Windows
> >>> hosts will not fall back on conventional authentication
> >>> mechanisms if Squid advertises Negotiate. That is unfortunate as
> >>> not all systems in that customer’s network are Kerberos enabled
> >>
> >> We have added the auth_schemes directive to address this and similar
> >> problems. Unfortunately, the squid.conf renderer on the official site
> >> does not include v5+ options, but you can see raw documentation at
> >> https://github.com/squid-cache/squid/blob/710f160/src/cf.data.pre#L2139
>
> > That looks like it’s exactly what we need. So this will be a 5.x only
> > feature?
>
> It is a v5+ feature (i.e. it is in v5 now and should be in v6, v7, etc.).
How far away in the future do you think is an official v5 release
from now? Going by the git log it’s been in the making for quite
a while.
> You can, of course, lobby Amos, the v4 maintainer, for making a policy
> exception and officially including (a backport of) auth_schemes into v4.
> Factory may even have a v4-based branch somewhere that we can resurrect
> as a starting point for that backporting effort.
As a last resort, maybe. I’d rather see that effort invested in
moving ahead with v5. ;)
Best regards,
Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201021/2a12ae0e/attachment.sig>
More information about the squid-users
mailing list