Re: [squid-users] When user removed from password file ncsa_auth, they are not reauthenticated

Does auth_param basic credentials_ttl have to be set in conjunction with
authenticate_cache_garbage_interval?
The help files don't make it clear and they seem to both do the same thing.
?confused?

--------------------------------------------------
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
Sent: Sunday, August 16, 2009 1:24 AM
To: "J Webster" <webster_jack_at_hotmail.com>
Cc: <squid-users_at_squid-cache.org>
Subject: Re: [squid-users] When user removed from password file ncsa_auth,
they are not reauthenticated

> On Sat, 15 Aug 2009 16:18:32 +0100, "J Webster" <webster_jack_at_hotmail.com>
> wrote:
>> When users are removed from an ncsa_auth style password file, squid does
>> not
>> seem to reauthenticate them.
>> Even on a subsequent browser restart, they are re-authenticated but
>> worse...it allows them into the proxy even though they are not now in the
>
>> password file.
>> Testing with a user not in the password file denies them properly.
>> Is the old user cached somewhere?
>
> Yes in these places:
> * in the authenticator sub-system (maybe)
> * in Squid
> * in the Browser
>
> Each has a timeout and all timeouts need to clear from the bottom up.
>
> The auth sub-systems I've seen caching have timeout in the order of a few
> seconds to halt bursts, or in some daemons a restart/reconfigure is needed
> when the auth system removal process is not used properly (ie editing
> users.conf insteaad of using passwd utility).
>
> Squid defaults to 1 hour. This is probably what you have seen. Check the
> squid.conf documentation for whatever unnamed version of Squid you are
> using on how to change that.
> http://www.squid-cache.org/Doc/config/
>
> Browser caches forever, until closed and restarted, or until Squid uses a
> "deny" access control to tells it its wrong.
>
> Amos
>
Received on Sun Aug 16 2009 - 01:14:06 MDT