Re: [squid-users] ldap auth & Novell problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 14 Sep 2002 02:52:05 +0200

On Saturday 14 September 2002 00.54, Gerben Welter wrote:

> I still have a problem understanding 'per TCP connection'. So when
> IE requests a URL and keeps requesting URLs within a certain time,
> the TCP connections stay open? And if yes, the ident request will
> occur only once, as long there's a steady flow of requests? Is this
> like persistent connections?

This is persistent connections.

A browser opens a number of TCP connections to the proxy. For each TCP
connection there will be an IDENT lookup by the proxy to ask the
client station who the user is who initiated this TCP connection.

Each TCP connection will be used for one or more requests, according
to the rules on persistent connection management.

> Ok, but we might come up with a mechanism that's similar to what
> Matt posted about clntrust.

The mechanism is pretty clear, it is only that it needs to be called
something else than ident as it no longer has the same properties as
ident.

> - squid uses ldap to look up the ident and
> collects the list of ip address(es) that user is logged in on.

This part of the scheme is best done via the external_acl scheme of
Squid-2.5. Can be done today as a measure to improve the trust level
of ident if you have such a database of IP addresses where the user is
logged on that you can query.

Regards
Henrik
Received on Fri Sep 13 2002 - 18:52:58 MDT
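
The external_acl check suggested in the message above, as an added example that is not part of the original post or of Squid itself: a helper that accepts an IDENT name only when the request comes from an address where that user is recorded as logged on. The helper path, the ACL names, the in-memory table standing in for the directory query, and the treatment of "-" as a missing IDENT answer are assumptions.

```python
#!/usr/bin/env python3
"""Squid external_acl helper: trust an IDENT name only from that user's login IPs.

Assumed squid.conf wiring (helper path and ACL names are hypothetical):
    external_acl_type ident_ip %SRC %IDENT /usr/local/bin/ident_ip_check.py
    acl trusted_ident external ident_ip
"""
import ipaddress
import shlex
import sys

# Constructed sample data standing in for the directory query discussed in
# the thread (user -> addresses the user is currently logged in from).
SAMPLE_LOGINS = {
    "alice": {"192.0.2.10", "192.0.2.11"},
    "bob": {"192.0.2.20"},
}


def lookup_login_ips(user, table=SAMPLE_LOGINS):
    """Return the set of login addresses for user (empty set if unknown)."""
    return {ipaddress.ip_address(a) for a in table.get(user, ())}


def check(line, lookup=lookup_login_ips):
    """Answer one request line ("<src-ip> <ident>") with OK or ERR."""
    try:
        src, ident = shlex.split(line)      # also accepts "quoted" values
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return "ERR"                        # malformed request: fail closed
    if ident in ("", "-"):
        return "ERR"                        # assumed marker for no IDENT answer
    return "OK" if src_ip in lookup(ident) else "ERR"


def main():
    for line in sys.stdin:                  # Squid keeps the helper running
        sys.stdout.write(check(line.rstrip("\n")) + "\n")
        sys.stdout.flush()                  # one unbuffered reply per request


if __name__ == "__main__":
    main()
```

Replacing `lookup_login_ips` with a real directory query keeps the rest unchanged, as long as a failed or empty lookup still yields an empty set so the helper answers ERR.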
