On Mon, 22 Mar 2010 16:26:26 -0600, "David Parks" <davidparks21@xxxxxxxxx> wrote: > So, if I understand correctly, squid has no way for me to force a user > account to be expired or cleared prematurely. Setting the > nonce_max_duration > low wouldn't block a user with a constant stream of traffic, say watching a > video for example. Even obsolete auth details won't block an existing stream. The key word there is "prematurely". > > If the above statements are correct, then do you have any thoughts on how They are not quite. > challenging a change like this would be at the code level? For example, > having a command similar to "squid -k reconfigure" (e.g. "squid -r > user_to_expire") in which case squid would simply expire the given > credentials, thus "tricking" squid into re-authenticating on demand? -k reconfigure and -k restart will break client connections in current Squid. > > If user credentials are simply a table in memory this seems conceptually > simple to accomplish. Though I'm a java developer and haven't touched C/++ > in many years, so I'm not sure this is worth considering unless you think > it's as simple as it seems like it could be. The user credentials are tagged data associated with each request. They exist for as long as the request is ongoing. Some are also attached to specific TCP connections and live as long as the connection or until new auth data is received inside the connection. I say you statements above are "not quite" because of this: http://wiki.squid-cache.org/Features/Authentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F > > Thanks! > Dave > > p.s. my purpose in following this line of questioning is to monitor log > files for per user traffic, and after a user exceeds their data transfer > quota, I need to block further access. I don't want to slow access for > users > within their quota. > Real quota control is something that has long been wanted in Squid and the groundwork has almost finished being laid into 3.2 but nobody yet has the time to actually implement the feature. http://wiki.squid-cache.org/Features/Quota Amos
