> William, to be more clear, this patch is not related at all with the authenticate_ttl directive.
> authenticate_ttl doesn't work with Digest, but with basic and maybe another (ntlm, kerberos ?) there is no precision here http://www.squid-cache.org/Doc/config/authenticate_ttl/
>
> The patch works like this:
>
> At first banner Squid stores the login/password HASH
> http://en.wikipedia.org/wiki/Digest_access_authentication
> http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
>
> When nonce is stalled (nonce_max_count reached) the helper compares the account stored in memory with a request to Ldap or/and when the nonce is expired, the helper makes the same thing.
>
> In these two cases there are two possibilities, the account is right or wrong -> Bad password or/and bad login
>
> - If the return is right Squid returns a new nonce and there is no impact for the user, I mean no banner.
> - If the return is wrong Squid presents the authentication realm to the user and the browser prompts for a username and password.
>
> There is also another situation - if squid is restarted - the browser returns its HASH without banner (if the account is right of course)
>
> So, without any change in LDAP the banner never appears, except when the browser starts.
>
> Fred
>
> PS: About Digest you are right it's almost good now, still also a little problem with nonce count but not related with this
>

Hi,

Ok, thanks,

Tested with both nonce_count and nonce_max_duration, no problem.
Do you know if it works with squid 3.5?

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users