
Squid - digest LDAP authentication nonce invalidation


Hi all,

We are using "digest_ldap_auth" with "Open LDAP" for squid digest authentication. It is working well but there is an issue.

When the user password is changed on the LDAP server, squid should invalidate the existing nonce after the specified nonce_garbage_interval and should generate a new nonce corresponding to the new password. But it is seen that the user can still access the internet site(s) using the old password. In short, both the old and new password nonce values are valid, and this situation will prevail until squid is restarted.

The squid config. parameters set for digest authentication are:

auth_param digest children 5
auth_param digest realm My Realm
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 180 minutes
auth_param digest nonce_max_count 50
auth_param digest check_nonce_count on

Versions:
Squid version: Squid 3.0 STABLE 16
OpenLdap version: 2.3.27

Any help would be greatly appreciated.

Thanks and regards,
Joshi

