[squid-users] Can 'credtentialsttl' in basic auth scheme be simulated in digest auth?

From: angsuesser <hans.angsuesser_at_borg-perg.ac.at>
Date: Tue, 26 Apr 2011 02:59:19 -0700 (PDT)

We have many users with WLAN access to Squid - so basic authentication cannot
be used for security reasons.
In basic authentication Squid can be forced to query the helper for the
credentials by setting the 'credentialsttl' parameter to a few seconds - so
when you remove the user-credentials from the database the user can't access
Squid anymore.
I wanted the same behaviour with the digest auth scheme and tried

auth_param digest nonce_garbage_interval 3 seconds
auth_param digest nonce_max_duration 3 seconds

But if I remove the user from the database which is queried by the helper -
there is no effect.
The credentials that the browser is sending are still valid - so the user
has further access to the internet.

Do anybody have a digest auth scheme that is working this way?
Hints would be appreciated. Thanx

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Can-credtentialsttl-in-basic-auth-scheme-be-simulated-in-digest-auth-tp3475078p3475078.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue Apr 26 2011 - 09:59:20 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 26 2011 - 12:00:03 MDT