On Mon, May 08, 2006 at 07:41:02AM -0400, Michael W. Lucas wrote:
> I've inherited a Squid 2.5 box that uses Websense for filtering and
> squid_radius_auth against a Cisco ACS system for authentication.
>
> This system asks for your username and password every fifteen minutes.
>
> Trying to find where this is set is driving me nuts. I understand
> that Squid does not provide this function
Not quite right. You can indeed enforce re-authentication. It's just
lousily documented. See:
http://workaround.org/moin/HowSquidAclsWork#head-d6e6569888d3fc8fd4e0dd2031e09744d2bd38e7
(Hmm, I should give it a shorter section name. :) )
Another frequent cause of such re-authentications is an erroneous backend.
The credentials are indeed cached in the browser from from time to time
Squid checks the backend whether the credentials are still valid. If the
backend denies that then Squid will ask the user again for the credentials.
The time that Squid believes the credentials are still valid without
checking the backend are set in the "auth_param basic credentialsttl"
parameter.
Kindly
Christoph
Received on Mon May 08 2006 - 06:01:15 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT