David Parks wrote:
> I will be monitoring squid usage logs and need to disable user
> accounts from an external app (block them from making use of the
> proxy after they are authenticated).
>
> I'm not quite following the FAQ on this
> (http://wiki.squid-cache.org/Features/Authentication?action=show&redirect=SquidFaq/ProxyAuthentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F)
> because I don't have any criteria on which the ACL might force a
> re-negotiation (or I just don't understand the proposed solution).
Re-challenge is automatic whenever a new request needs to be authed and
the currently known credentials are unknown or too old to be used.
>
> I'm also not clear if ("nonce_garbage_interval") and
> ("nonce_max_duration") are actually forcing a password check against
> the authentication module, or if they are just dealing with the
> nuances of the digest authentication protocol. I have them set to
garbage collection only removes things known to be dead already. The
garbage interval determines how often the memory caches are cleaned out
above and beyond the regular as-used cleanings.
nonce_max_duration determines how long the nonces may be used for.
It's closer to what you are wanting, but I'm not sure of there are any
nasty side effects of setting it too low.
> their defaults, but after making a change to the password file that
> digest_pw_auth helper uses, I do not get challenged for the updated
> password. Could it just be that digest_pw_auth didn't re-read the
> password file after I made the change?
Yes.
>
> Thanks! David
>
>
> p.s. thanks for all of the responses to this point, I haven't replied
> as such with a "thanks", but the help on this user group is fantastic
> and is really appreciated, particularly Amos, you're a god-send!
Welcome.
Amos
-- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25 Current Beta Squid 3.1.0.18Received on Mon Mar 22 2010 - 06:35:03 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 24 2010 - 12:00:06 MDT