On July 4, 2015 2:57:20 AM EDT, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >On 4/07/2015 6:08 a.m., Dan Purgert wrote: >> I'm setting up a squid proxy with LDAP user/group authentication, and >so >> far have been able to sort out the problems I've run into with a >little >> help from google and caches of the various squid mailing lists. >> >> Currently, it's in a mostly working state for nearly everything (i.e. > >> user authentication, allowed/blocked based on what group a user >belongs >> to, client pc auto-updates, etc.). However, I can't figure out how >to >> force a user to re-authenticate after a set interval of time (say 30 >> mintues). > > >What exact use-case is this for? > students logged in only for a class period? > access differences between class and break times? > something else? > >As Dan mentioned HTTP authentication alone will not do this. Since HTTP >is stateless the browser is *already* re-authenticating on every single >request. The user has no interaction. The auth TTLS are just to ensure >Squid has accurate info about the credentials in its auth cache for the >backend part. > >What you can do is use an external ACL helper to allow/reject based on >any criteria you code/script it for. > >Amos > >_______________________________________________ >squid-users mailing list >squid-users@xxxxxxxxxxxxxxxxxxxxx >http://lists.squid-cache.org/listinfo/squid-users Yes, it's a "allow sites ABC for class time" and "allow xyz for break". The acls work already for "class" ... am looking for a way to give "on the fly" breaks. If that's not possible, I can work out something else (e.g. define a time based acl from say 2-3 pm or something). I was just hoping to be able to be less heavy-handed than that. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
