Search squid archive

Re: Replay Auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2013-11-21 03:23, FredB wrote:
Hello,

I'm trying to use squid with two identifications mode, first digest
and second basic, all works without problem except one point

auth_param basic credentialsttl 1 hours

The proxy never claim the username and pass after 1 hour, so I found
no way for forcing the replay with digest
squid stop and start are also without effect (I guess that the browser
replay automatically is credential).
I should wait that the user close his browser ...

What do you mean by "claim" ?

The browser is expected to deliver credentials on every request and the proxy validate them. The credentialsttl is only about how often Squid has to query the backend to validate them. When the TTL expire the authenticator backend is checked, exactly the same as on a new login. If it says they are still OK then a new credentialsttl period is started. When auth works properly the browser is only ever challenged at the start of the users browsing session and not bothered again.

To force a change in credentials midway through a series of transactions you need to cause the proxy to emit another auth challenge. Which can be done by denying one of the requests using an access control line ending with either an auth re-validation to the backend ("proxy_auth REQUIRED"), a check against explicit username (proxy_auth <name>) or with an external ACL that depends on %LOGIN.

http://wiki.squid-cache.org/action/show/Features/Authentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F


Amos





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux