On Mon, May 08, 2006 at 02:01:09PM +0200, Christoph Haas wrote: > On Mon, May 08, 2006 at 07:41:02AM -0400, Michael W. Lucas wrote: > > I've inherited a Squid 2.5 box that uses Websense for filtering and > > squid_radius_auth against a Cisco ACS system for authentication. > > > > This system asks for your username and password every fifteen minutes. > > > > Trying to find where this is set is driving me nuts. I understand > > that Squid does not provide this function > > Not quite right. You can indeed enforce re-authentication. It's just > lousily documented. See: > > http://workaround.org/moin/HowSquidAclsWork#head-d6e6569888d3fc8fd4e0dd2031e09744d2bd38e7 > (Hmm, I should give it a shorter section name. :) ) Thanks for the pointer, that's quite clever. But is there a way to do this every 15 minutes, instead of by site? > Another frequent cause of such re-authentications is an erroneous backend. > The credentials are indeed cached in the browser from from time to time > Squid checks the backend whether the credentials are still valid. If the > backend denies that then Squid will ask the user again for the credentials. > The time that Squid believes the credentials are still valid without > checking the backend are set in the "auth_param basic credentialsttl" > parameter. I'm actually trying to replace this system because of authentication problems. I wonder if my predecessor introduced intermittent authentication errors in an effort to create a 15-minute repeat. (That would be fine, except that sometimes invalid usernames and passwords are accepted...) Thanks much! ==ml -- Michael W. Lucas mwlucas@xxxxxxxxxxx, mwlucas@xxxxxxxxxxxxxxxxxxxx http://www.BlackHelicopters.org/~mwlucas/ "The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
