Search squid archive

Re: Force LDAP groups to de-authenticate?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/07/2015 6:08 a.m., Dan Purgert wrote:
> I'm setting up a squid proxy with LDAP user/group authentication, and so 
> far have been able to sort out the problems I've run into with a little 
> help from google and caches of the various squid mailing lists. 
> 
> Currently, it's in a mostly working state for nearly everything (i.e. 
> user authentication, allowed/blocked based on what group a user belongs 
> to, client pc auto-updates, etc.).  However, I can't figure out how to 
> force a user to re-authenticate after a set interval of time (say 30 
> mintues).


What exact use-case is this for?
 students logged in only for a class period?
 access differences between class and break times?
 something else?

As Dan mentioned HTTP authentication alone will not do this. Since HTTP
is stateless the browser is *already* re-authenticating on every single
request. The user has no interaction. The auth TTLS are just to ensure
Squid has accurate info about the credentials in its auth cache for the
backend part.

What you can do is use an external ACL helper to allow/reject based on
any criteria you code/script it for.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux