Re: [squid-users] Re: Squid authentication ttl

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 4 Jun 2002 23:08:10 +0200

On Tuesday 04 June 2002 19:09, Wei Keong wrote:

> if user A's browser caches the username & password, when user B
> tries to login and Squid requests for authentication
> - user A will not be prompted (browser takes care of
> authentication), he is able to continue to surf as usual
> - user B will be prompted repeatedly and will not be able to login
>
> in other words, as long as authenticate_ip_ttl is turn on and has
> not expired
> [authenticate_ip_ttl_strict on]
> - user B will not be prompted and will not be able to login
> [authenticate_ip_ttl_strict off]
> - user B will be prompted repeatedly and will not be able to login

Still not correct when strict is off.

If strict is off then Squid will attempt to force both users to
repeadetly log in until there is only one user accessing the cache.

In this mode Squid accepts the "new" user as soon as it has seen two
requests with valid user credentials from the same IP.

However, as some browser apparently automatically retry the request if
authentication fails the this may not always give the desired effect
as the browser is then defeating the concurrent IP address use
detection by hiding the temporary denial from the user.

Regards
Henrik
Received on Tue Jun 04 2002 - 15:13:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:26 MST