Re: Q: Client authentication via Squid

From: John Todd <jtodd@dont-contact.us>
Date: Tue, 04 Aug 1998 14:54:19 -0400

At 08:59 PM 8/4/98 +0500, Dileep Agrawal wrote:
>We have setup an intranet with squid running on the proxy server. We would
>like to authenticate clients that try to access squid for web browsing and
>log the time they were connected to the proxy. Has anyone done this?
>
>Thanks.

  This is very hard to do, considering that there is no "connection" that
users have with the cache except when they are actually downloading
objects. Requiring user authentication is, of course, easily done with
standard squid and the patches that have appeared on this list as well as
(I think) in the FAQ.

  If you've installed the user authentication patches, it's not too difficult
to get a trail of what each user is doing. You could just "grep" for the
user's name in your access.log file (in the appropriate position on each
line) at the end of some interval (a day?) and plot the use across that
period of time based on timestamps. You probably won't get exactly what
the use pattern was (due to persistient connections) but I expect it'll be
close enough.

  To really get a good idea of what your users are doing, what you need to do
is to keep forcing the user to re-log into the server after a fixed timeout
period so that you can "timestamp" some measure of use. This is
uncomfortable for the user, but serves your purpose to within whatever
measure of granularity you wish to reduce the timeout. It also allows you
to generate an easier-to-digest list of "logins" via your cgi script
instead of peering through your access.log records.

JT

---
John Todd
"So shall it be written, so shall it be done." - Yul 'Ramses' Brynner
jtodd@fox-den.com
Received on Tue Aug 04 1998 - 11:56:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:27 MST