Different authentication method for different source IP or destination URL/category



Article ID: 245835


Updated On:

Products

SG-VA ProxySG Software - SGOS

Issue/Introduction

If I create a realm and turn BASIC, NTLM and KERBEROS on, is there a way in CPL or VPM to limit which of these methods can be used based on source IP or destination URL/category?

For example, can rules be created in an authentication layer that say "if these sources, allow BASIC" in rule 1, and then in rule 2 have a default of "for any other source, use NTLM and KERBEROS only"?

Environment

Release : 7.3.7.1

Component : Default-Sym

Resolution

The authenticate object can only specify a realm; it cannot specify an authentication method.

However, multiple realms can be created for the same domain, each with a different set of authentication methods enabled, and policy can then select the realm per source or destination.


For example:

realm1: name IWAdirect1; domain mydomain; allow basic, ntlm, kerberos

realm2: name IWAdirect2; domain mydomain; allow basic only


In the policy, order the rules within the same layer from most specific to most generic: within a layer, once rule 1 matches, rule 2 is not evaluated for that request.

rule 1 (basic only): if source1, authenticate(IWAdirect2)

rule 2 (default): any other source, authenticate(IWAdirect1)
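The same policy written as CPL, added here as an example rather than taken from the article. It assumes the two realms above (IWAdirect1 and IWAdirect2) are already configured on the appliance; the subnet and the category name are placeholders, and the category rule shows the destination-based variant the question asks about.

```cpl
; Added example, not part of the original article.
; Assumes realms IWAdirect1 (basic, ntlm, kerberos) and IWAdirect2 (basic only)
; already exist. Subnet and category name below are placeholders.
<Proxy>
    ; Rule 1 (most specific first): only this source subnet is sent to the
    ; basic-only realm. First match wins within the layer, so nothing below
    ; applies to these clients.
    client.address=10.10.20.0/24 authenticate(IWAdirect2)

    ; Destination-based variant: requests for this URL category also use the
    ; basic-only realm, regardless of source.
    category="Legacy Apps" authenticate(IWAdirect2)

    ; Rule 2 (default): every other request uses the realm that has NTLM and
    ; Kerberos enabled.
    authenticate(IWAdirect1)
```

Because rule evaluation stops at the first match, any request not caught by the source or category rules falls through to the default realm, so widening either condition directly widens where BASIC is accepted.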