[SOLVED] Force LDAP groups to de-authenticate?

On Fri, 03 Jul 2015 18:08:49 +0000, Dan Purgert wrote:

> I'm setting up a squid proxy with LDAP user/group authentication, and so
> far have been able to sort out the problems I've run into with a little
> help from google and caches of the various squid mailing lists.
> 
> Currently, it's in a mostly working state for nearly everything (i.e.
> user authentication, allowed/blocked based on what group a user belongs
> to, client pc auto-updates, etc.).  However, I can't figure out how to
> force a user to re-authenticate after a set interval of time (say 30
> minutes).
> 
> 
> Essentially, the idea is that the "less-privileged" users (i.e. the
> students) can get to the sites that they need for their day-to-day
> school work, but that their permissions should be able to be elevated
> for a set amount of time in the event the teacher deems it OK.
> 
> Right or wrong, the administration doesn't want to go with one of the
> "big boys" in web filters, so I need to kick the users and force a re-
> auth, as this is for a school environment. It's small (only 10-15
> students at one time), but the students have already figured their way
> around the previous filter that was installed before my time.
> 
> 
> I know closing the browser clears out all the authentication tokens ...
> but hoping there's a way I can do this from the backend so there's no
> need to play those "okay, now close all your browsers" type games if a
> student gets the elevated permissions.
> 
> 
> Leads have pointed me to
> 
>  - auth_param basic credentials_ttl <N> minutes
> 
>  - authenticate_ttl <N> minutes
> 
>  - authenticate_cache_garbage_interval <N> minutes
> 
> Though I don't seem to be able to grasp the concept of getting them to
> do what I want (if it's possible)
> 
> 
> Thanks!


Thanks to everyone who sorted my incorrect understanding with the ttls / 
garbage intervals.  

Have finally gotten a response from the decision makers, and they're OK 
with the explicit time limits for allowing "not school" type websites, so 
that's the route we're going to pursue.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
