-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/10/2014 9:29 p.m., santosh wrote: > Hello Amos, > > I'm just trying to create forceful re-authentication , this is just > for curiosity to see how things works by changing the > credentialsttl value in the conf file .I have set it as 2 mnutes > and below is what it looks in conf file , but i dont get any > reprompting for username and password after two minutes , is the > configuration correct ? If it is just for investigation of credentialsttl then you definitaly are going about it all wrong. credentialsttl is how often Squid sends a helper lookup to the backend authentication server. Nothing more. > > auth_param basic program /usr/lib/squid3/basic_ldap_auth auth_param > basic children 5 startup=5 idle=1 auth_param basic realm Squid > proxy-caching web server auth_param basic credentialsttl 2 minutes Expected behaviour with this: * client sends credentials on every request, which moves the auth through two basic states [state A - DUNNO] * When client sends a request, credentials from that request gets sent to a helper for validation, [state B - AUTHENTICATED/INVALID] * all requests which use the *same* credentials, will be allowed or denied as per helper OK/ERR result, * if less than 120 seconds have passed stay in state B. * when 120 seconds have passed, the helper result for those credentials is expired, move back to state A. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUP5iHAAoJELJo5wb/XPRjNr4H/RQBcHvNqBJ0lrWjElLt4PQv JIBw+k0O6WNkQ18oouiUO9G6C2pBKxfjxsV2D3bxP6Y5e3F4zypFhTBFdnA5ccsp 2ipQ9FFKBS8fvks+rnZtYiHSzDgIK58RGXl6qgARJvBrrnWP9/l58VG53o3bqEUR 0I3Rw5F4p7AC3Zjrp3fo80Th9uOuYigesk33dyTnIsRr806fGrue12kLQwG44sl/ QxHht8OafSfEgA7scATDfhQAfmsDcndrY/UF9NsDp5XBZXaZAkGBwo4eYGD7wLZ9 +GHzn13jtHNVwYvjOjBkf1ac3iPgB6RTWMsOsbFWJPc0oSRT6YesAuTqVYDmy+g= =56NS -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
