Re: PAM module and authentication in Squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 21 Apr 2000 13:27:01 +0200

Ales Rygl wrote:

> Authentication is working, but I have the following problem: squid is IMHO
> ignoring the authenticate_ttl 600, authenticate_ip_ttl 600 parameters. I'd
> like to prevent users from logging in via the proxy more than once, as is
> written in squid.conf. If I try to auth. myself from more than 1 IP, I'm refused
> but if I try this once more, I'm allowed to browse from both IPs!!

This is authenticate_ip_ttl, and works as documented in squid.conf. It
is only intended to discourage people from sharing their password, but
still allow a single user to switch IP (redial, or move from one
workstation to another). You will only see the effect if the same user
tries to actively browse from two IP addresses. The effect is not
obvious if you try as one person to move between two IPs.

I have a development patch that extends this to a strict TTL completely
denying access from another IP until the TTL has expired, but it
requires some manual work to apply to the sources due to other changes
in surrounding code confusing the patch program.

> And
> after time in authenticate_ttl my re-authentication is not required?

The login information is cached in the web browsers. Squid cannot force
the web browser to reauthenticate.

--
Henrik Nordstrom
Squid hacker
http://squid.sourceforge.net/hno/
Received on Fri Apr 21 2000 - 06:08:41 MDT
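
A simplified model of the IP binding described in the reply above, added here as an example; it is not Squid source code and not the author's patch. The `AuthCache` class, its `strict` flag (standing in for the strict-TTL variant the reply mentions), and the sample traffic are assumptions made for illustration.

```python
# Simplified model (an assumption, not Squid source) of binding a cached
# proxy login to one client IP for ip_ttl seconds.

class AuthCache:
    def __init__(self, ip_ttl, strict=False):
        self.ip_ttl = ip_ttl
        self.strict = strict   # True models the strict-TTL variant
        self.bound = {}        # user -> (ip, time the binding was made)

    def request(self, user, ip, now):
        """Return 'ok' or 'denied' for a request carrying valid credentials."""
        entry = self.bound.get(user)
        if entry is None or now - entry[1] >= self.ip_ttl:
            self.bound[user] = (ip, now)   # no live binding: bind to this IP
            return "ok"
        if entry[0] == ip:
            return "ok"
        if not self.strict:
            del self.bound[user]           # drop binding; next login rebinds
        return "denied"                    # strict: old binding stays in force


def replay(cache, events):
    """Feed (seconds, user, client_ip) events through the cache in order."""
    return [cache.request(user, ip, t) for (t, user, ip) in events]


# Constructed sample traffic (documentation-range addresses).
A, B = "192.0.2.1", "192.0.2.2"

# One person moves from A to B and stays there.
ONE_PERSON_MOVING = [(0, "alice", A), (10, "alice", B), (20, "alice", B),
                     (30, "alice", B), (600, "alice", B)]

# Two people share one login and both browse actively.
TWO_ACTIVE_CLIENTS = [(0, "alice", A), (1, "alice", B), (2, "alice", B),
                      (3, "alice", A), (4, "alice", A), (5, "alice", B),
                      (6, "alice", B)]

if __name__ == "__main__":
    print("moving, default:", replay(AuthCache(600), ONE_PERSON_MOVING))
    print("shared, default:", replay(AuthCache(600), TWO_ACTIVE_CLIENTS))
    print("moving, strict: ", replay(AuthCache(600, strict=True), ONE_PERSON_MOVING))
```

In this model a single person moving between addresses sees one refusal and then normal access, while two active clients sharing a login keep displacing each other; the strict variant refuses the second address until the TTL has run out.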
