RE: PAM module and autentification i Squid

From: Greg Cunningham <gregc@dont-contact.us>
Date: Wed, 26 Apr 2000 00:06:05 +1000

The Save Password check-box in the IE authentication is also my current
worry.

I know that there is a IE5 administrators toolkit for customising the
product for an enterprise roll-out. Does anybody know if the toolkit allows
you to turn off this "feature"?

-----Original Message-----
From: Armistead, Jason [mailto:armistej@oeca.otis.com]
Sent: Sunday, April 23, 2000 10:15 PM
To: 'Squid-Users'
Subject: RE: PAM module and autentification i Squid

Henrik Nordstrom [mailto:hno@hem.passagen.se] wrote on Friday, 21 April 2000
21:27

>> And after time in authenticate_ttl my re-authentification in not
required?

>The login information is cached in the web browsers. Squid cannot force
>the web browser to reauthenticate.

I used to have a hacked version of Squid 1.1.11 which specifically changed
the REALM portion of the proxy authentication code so that after "normal"
office hours, Squid would append the letters "AH" (After Hours) to the realm
data, and also so that it would append the date to the realm at all times
(e.g. "Apr 23") too. That prevented Internet Explorer (with it's "Save this
password" tick box) from providing access to the proxy unless the password
was entered every day. It also stopped people getting onto the bosses or a
co-worker's PC after hours and surfing with their authentication information
(assuming the regular PC user didn't implement screen saver password or
shutdown their browser before going home)

Bottom line - if the REALM is different, the browser SHOULD ask the user for
a username / password before attempting re-authenticating.

I'll check if this still works on the current IE / Navigator versions and
let you know ...

Jason
Received on Tue Apr 25 2000 - 08:09:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:02 MST