[squid-users] fallback from kerberos sso to basic auth
Müller, Thomas
TMueller at pdv-sachsen.net
Thu Oct 26 13:27:44 UTC 2023
Hi,
does anyone knows wether is this scenario possible?
setup:
- squid 5.x
- host is domain joined (winbind)
- kerberos is configured and working
- squid uses as auth params kerberos/ntlm - ntlm - basic (ldap) in this
order
- clients are all domain joined
- every user is a domain user
- some users are member of group "internet", some others are not
- permission is set to group members (internet)
challenge:
- the users without group membership (internet) should be forced to use
basic auth (ldap) to give alternative user credentials (with group
membership internet)
Some tries with auth_schemes were not succesful.
Customer use in its old setup (Microsoft Forefront TMG) with this
feature (someone had built a workaround with a helper script in the
past.)
I had never seen this, but the behaviour of it.
--
Mit freundlichen Grüßen
Thomas Müller
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20231026/0a1d4c9e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4649 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20231026/0a1d4c9e/attachment.bin>
More information about the squid-users
mailing list