Re: [squid-users] Re: squid + authentication

From: Ilya <quiz@dont-contact.us>
Date: Wed, 20 Nov 2002 20:50:50 +0600

On Wed, 20 Nov 2002 09:35:22 -0500
  "Jerry Murdock" <jmurdock@itraktech.com> wrote:
>*This message was transferred with a trial version of
>CommuniGate(tm) Pro*
>----- Original Message -----
>From: "Ilya" <quiz@gorodok.net>
>To: "Hegedus, Ervin" <airween@amit.hu>; "Ilya"
><quiz@gorodok.net>
>Cc: <squid-users@squid-cache.org>
>Sent: Wednesday, November 20, 2002 8:59 AM
>Subject: [squid-users] Re: squid + authentication
>
>
>> Let`s assume that current client has to be authenticated
>> according to acl. The current client has already sent his
>> username/password to the squid.
>>
>> So, browser caches username/password pair? Then, how long
>> does browser cache it? May be, until it is restarted?
>>
>Totally browser dependent, but generally until restarted.
>
>IE will prompt once for each new instance, NS/Mozilla
>generally cache the
>user:passwd pair across instances.
>
>> And does squid checks up username/password pair every time
>>the
>> browser sends it. Or, may be, squid caches the client`s ip,
>> and if the current http-request is from stored ip, then
>>squid
>> passes request without any authentication?
>>
>Squid asks/checks every time the info is needed by an acl.
> Squid will
>internally cache a valid user:passwd pair, so that it doesn't
>have to go
>out and hit the auth helper for every request. There are
>tunables to
>determine how long squid caches the info.
>
>Jerry

It sounds good! :) Are you shure? Several minutes ago I
recieved:
/*****
> So, browser caches username/password pair?
i should say no.

> Then, how long
> does browser cache it? May be, until it is restarted?
no.
so, squid doesn't cache user/passwd pairs, it doesn't stored
any time...

client sends every request, every http header.

> And does squid checks up username/password pair every time the
> browser sends it.
i think yes, but it requires to see in source... :-)
or ask on list. :)

> Or, may be, squid caches the client`s ip,
yes.

> and if the current http-request is from stored ip, then squid
> passes request without any authentication?
no.
but there is a good way to deny a client, when it try from
other
IP, than starts to browse.
*****/
Whom should I believe ? :)))
Received on Thu Nov 21 2002 - 10:32:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST