Search squid archive

RE: max_user_ip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> -----Original Message-----
>> From: Scott Mayo [mailto:sgmayo@xxxxxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Friday, December 02, 2005 6:11 AM
>> To: squid
>> Subject:  max_user_ip
>>
>>
>> If I want to make it to where each user can only be logged onto the
>> internet from one workstation at a time, do I need to add:
>>
>> acl <domainusers> max_user_ip -s 1
>>
>> Is there anything else I need to change, like the athenticate_ttl?
>> If so what should I set that to?  If I set the authenticate_ttl to
>> something like 5 hours, that just means that squid will keep the
>> authentication for 5 hours when they are still logged onto the
>> internet correct?  If they actually close the web browser, they could
>> go directly to another machine or open the browser back up on this
>> machine and get back on, they would not have to wait 5 hours would
>> they?  If I read this correctly, then the 5 hours is just alive as
>> along as that one instance of the web browser is open..or until the 5
>> hours is up.
>>
>> Thanks.
>>
>> -- Scott Mayo
>
> I'll quote squid.conf.default here as I think it lays it out pretty
> clearly:
>
> #       acl aclname max_user_ip [-s] number
> #         # This will be matched when the user attempts to log in from
> more
> #         # than <number> different ip addresses. The authenticate_ip_ttl
> #         # parameter controls the timeout on the ip entries.
>
> and
>
> #  TAG: authenticate_ip_ttl
> #       If you use proxy authentication and the 'max_user_ip' ACL, this
> #       directive controls how long Squid remembers the IP addresses
> #       associated with each user.  Use a small value (e.g., 60 seconds)
> if
> #       your users might change addresses quickly, as is the case with
> #       dialups. You might be safe using a larger value (e.g., 2 hours) in
> a
> #       corporate LAN environment with relatively static address
> assignments.
>
> and
>
> #  TAG: authenticate_ttl
> #       The time a user & their credentials stay in the logged in user
> cache
> #       since their last request. When the garbage interval passes, all
> user
> #       credentials that have passed their TTL are removed from memory.
>
> If your authentication mechanism is slow, bump up the authenticate_ttl.
> If your users hop computers often, keep authenticate_ip_tll low.
>
> Chris
>

This is what I had been reading.  So from what it says, they will not be
able to open a 2nd browser until the authenticate_ttl is up.  That kind of
makes things tough, if it is set to so many hours, then they cannot open a
2nd browser up for quite a while once the 1st is closed, but if I set it
very low, then they could just be opening browsers up all over the place
(which is what I am trying to avoid).

It looks like it should clear the cache out out as soon as they log off
the browser and reset the ttl.  I guess that is more what I am wanting to
do.  I'll go back through the squid.conf to see if I can find a way to do
that.

Thanks.
Scott



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux