Re: [squid-users] Squid Single Login Only

From: Serge Fonville <serge.fonville_at_gmail.com>
Date: Sat, 3 Sep 2011 14:42:51 +0200

Sorry...

The list was no longer in the thread

2011/9/3 Serge Fonville <serge.fonville_at_gmail.com>:
> Hi,
>
> HTTP does not support any logout feature.
>
> 'Normally' sessions expire.
> Which is where the authenticate_ip_ttl  is for.
>
> The only alternatives I can think of is build some wrapping utility
> arround your browser (on all clients) or use SSO so when a session
> invalidates it automatically revalidates.
> With the latter you can set your TTL a lot lower.
>
> But it will require some additional testing to check if this does not
> decrease the browsing experience.
>
> For a better answer, please add information as to your actual goal
> (the bigger picture) and what 'problem' are you trying to solve that
> requires only one session per user.
>
> HTH
>
> Kind regards/met vriendelijke groet,
> Serge Fonville
> http://www.sergefonville.nl
>
> Convince Google!!
> They need to add GAL support on Android (star to agree)
> http://code.google.com/p/android/issues/detail?id=4602
>
>
>
> 2011/9/3 rex_ray . <rex_ray_at_sify.com>:
>> Hi,
>>         Thanks for your help. But am newbie when it comes to Squid.
>> So could you please enlighten me on the following,
>>
>>> But there is no logout
>>> So there is no way for squid to invalidate the session.
>>
>> Is it possible to have a logout procedure in Squid?
>>
>>
>> On Sat, Sep 3, 2011 at 5:54 PM, Serge Fonville <serge.fonville_at_gmail.com> wrote:
>>> HI,
>>> From what I understand...
>>> You have a login procedure for your browser.
>>> But there is no logout
>>> So there is no way for squid to invalidate the session.
>>> Kind regards/met vriendelijke groet,
>>> Serge Fonville
>>> http://www.sergefonville.nl
>>>
>>> Convince Google!!
>>> They need to add GAL support on Android (star to agree)
>>> http://code.google.com/p/android/issues/detail?id=4602
>>>
>>>
>>> 2011/9/3 rex_ray . <rex_ray_at_sify.com>
>>>>
>>>> I have the following doubt(or requirement) regarding Squid Proxy
>>>> Authentication.
>>>>
>>>> 1. User should be able to browse from a single ip only i.e no
>>>> concurrent logins. (Achieved this with the help
>>>> of 'authenticate_ip_ttl' & 'max_user_ip' directives)
>>>>
>>>> 2. If that user closes his browser, he should be able to authenticate
>>>> from a new ip or system. (I only get a 'Access Denied'
>>>> message when attempting login from a new machine or ip which I guess
>>>> results from the 'authenticate_ip_ttl' directive)
>>>>
>>>>  Can somebody point what am doing wrong here. Advance thanks for your
>>>> help.
>>>>
>>>> My 'squid.conf' authentication related parameters are as given below,
>>>>
>>>> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
>>>> "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w
>>>> "ldapadminpass" -f "uid=%s" -h ldap.server
>>>> auth_param basic children 5
>>>> auth_param basic realm Squid proxy-caching web server
>>>> auth_param basic credentialsttl 2 hours
>>>> authenticate_ip_ttl 2 hours
>>>> acl ip_limit max_user_ip -s 1
>>>> acl ldapauth proxy_auth REQUIRED
>>>> http_access deny ip_limit
>>>> http_access allow ldapauth
>>>> http_access deny all
>>>
>>>
>>
>
Received on Sat Sep 03 2011 - 12:43:18 MDT

This archive was generated by hypermail 2.2.0 : Sat Sep 03 2011 - 12:00:02 MDT