Hello Folks,
Basic authentication. Same user must use different usernames from the same IP in quick succession for role determination purposes.
I have this:
authenticate_ttl 1 seconds
authenticate_ip_ttl 1 seconds
auth_param basic credentialsttl 1 seconds
I read from Henrik's old posts that authenticate_cache_garbage_interval is not that important for user interaction. So I left that at default. I am also not limiting with max_user_ip acl so authenticate_ip_ttl has no relevance either as far as I can guess.
This works fine, user can specify a new username and login with that. When I left these values at defaults, user would specify a new user/pass, but squid was still using his old user in its operations.
The problem is: squid acceps the old password of the new username. For example, if I type user1/pass1, browse, close browser. Open, type user2/pass1, access is still granted. What is controlling this?
When I was reading about on the issue, Robert seemed to have written a book about explanation of authenticate_ttl and credentialsttl. Thanks him for that. Of course, it all sounded greek to me. Can someone explain us the relation of these values on regular user interaction? Yes, browsers cache credentials and they must be sent to squid on each request. We know this part.
Also, isnt keeping these values so low going to be an overkill on squid? I have some users that use static usernames. What settings would give best of both worlds?
Thanks in advance for your time.
Jenny
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Received on Sat Jul 24 2010 - 07:12:19 MDT
This archive was generated by hypermail 2.2.0 : Sun Jul 25 2010 - 12:00:04 MDT