> -----Original Message----- > From: Scott Mayo [mailto:sgmayo@xxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Friday, December 02, 2005 6:11 AM > To: squid > Subject: max_user_ip > > > If I want to make it to where each user can only be logged onto the > internet from one workstation at a time, do I need to add: > > acl <domainusers> max_user_ip -s 1 > > Is there anything else I need to change, like the athenticate_ttl? > If so what should I set that to? If I set the authenticate_ttl to > something like 5 hours, that just means that squid will keep the > authentication for 5 hours when they are still logged onto the > internet correct? If they actually close the web browser, they could > go directly to another machine or open the browser back up on this > machine and get back on, they would not have to wait 5 hours would > they? If I read this correctly, then the 5 hours is just alive as > along as that one instance of the web browser is open..or until the 5 > hours is up. > > Thanks. > > -- Scott Mayo I'll quote squid.conf.default here as I think it lays it out pretty clearly: # acl aclname max_user_ip [-s] number # # This will be matched when the user attempts to log in from more # # than <number> different ip addresses. The authenticate_ip_ttl # # parameter controls the timeout on the ip entries. and # TAG: authenticate_ip_ttl # If you use proxy authentication and the 'max_user_ip' ACL, this # directive controls how long Squid remembers the IP addresses # associated with each user. Use a small value (e.g., 60 seconds) if # your users might change addresses quickly, as is the case with # dialups. You might be safe using a larger value (e.g., 2 hours) in a # corporate LAN environment with relatively static address assignments. and # TAG: authenticate_ttl # The time a user & their credentials stay in the logged in user cache # since their last request. When the garbage interval passes, all user # credentials that have passed their TTL are removed from memory. If your authentication mechanism is slow, bump up the authenticate_ttl. If your users hop computers often, keep authenticate_ip_tll low. Chris
