Re: [squid-users] Replay Auth

From: FredB <fredbmail_at_free.fr>
Date: Fri, 20 Dec 2013 11:42:24 +0100

> 3.3 is already a stable release, meaning brand new options/features are
> no longer accepted. The only exception there is if some major security
> hole is fixed by adding one or backports of existing squid-2 features.
> Neither of which seems to be applicable here.
>
> FWIW "logout" is not a concept relevant to Squid. Which is performing
> the simple test of whether the credentials presented on a request are
> valid at that particular point of time.
>
> The use of a credentials cache complicates this somewhat, but logout is
> equivalent to TTL in a cache. When the TTL expires the backend gets
> re-checked for validity at which time it may decide to start rejecting
> them. Which is what some people call "logged out".
>
> I have made some efforts in the 3.4+ series now that key=value
> parameters to work towards the helpers providing a more dynamic ttl=N
> parameter and have the cache entry use that instead of the fixed config
> value. If you want to pick that up and carry it forward it would be great.
>
> Amos
>
OK, I think I will take a look

For the record, here is a patch for 3.3.11.
New credential value: - Banned - in src/auth/UserRequest.h (but now only used in basic auth)

With this patch, when auth_param basic credentialsttl is expired the browser shows the ID banner.

     CRED_CHALLENGE = 1, ///< Client needs to be challenged. secure token.
     CRED_BANNED = -3, ///< Client needs to be rechallenged. banned.
     CRED_VALID = 0, ///< Credentials are valid and a up to date. The OK/Failed state is accurate.
     CRED_LOOKUP = -1, ///< Credentials need to be validated with the backend helper
     CRED_ERROR = -2 ///< ERROR in the auth module. Cannot determine the state of this request.

http://numsys.eu/divers/squid/auth.patch
Received on Fri Dec 20 2013 - 10:42:28 MST
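
Added example, not part of the original message and not code from Squid or from the linked patch: a simplified model of the credentials cache discussed in this thread, showing TTL expiry leading either to a silent backend re-check or to a re-challenge, plus a helper-supplied ttl=N overriding the configured value. The enum values are the ones quoted above; `CredCache`, `CacheEntry`, `promptsUser` and the `rechallengeOnExpiry` switch are hypothetical names, and the TTL numbers in any call are constructed.

```cpp
#include <ctime>
#include <map>
#include <string>

// Values as quoted in the message; everything else here is a hypothetical model.
enum CredState { CRED_CHALLENGE = 1, CRED_BANNED = -3, CRED_VALID = 0,
                 CRED_LOOKUP = -1, CRED_ERROR = -2 };

struct CacheEntry {
    std::string secret;  // credentials the helper last approved
    time_t checkedAt;    // when the helper approved them
    time_t ttl;          // per-entry TTL: helper ttl=N, else the config default
};

class CredCache {
public:
    CredCache(time_t defaultTtl, bool rechallengeOnExpiry)
        : defaultTtl_(defaultTtl), rechallenge_(rechallengeOnExpiry) {}

    // Record a helper "OK". helperTtl < 0 means the helper sent no ttl=N.
    void store(const std::string &user, const std::string &secret,
               time_t now, time_t helperTtl = -1) {
        entries_[user] = CacheEntry{secret, now,
                                    helperTtl >= 0 ? helperTtl : defaultTtl_};
    }

    // Decide the state of the credentials presented on one request.
    CredState check(const std::string &user, const std::string &secret, time_t now) {
        auto it = entries_.find(user);
        if (it == entries_.end() || it->second.secret != secret)
            return CRED_LOOKUP;            // unknown or changed: ask the helper
        if (now - it->second.checkedAt < it->second.ttl)
            return CRED_VALID;             // still inside the TTL window
        entries_.erase(it);                // expired: drop the cached verdict
        return rechallenge_ ? CRED_BANNED  // model of the patch: prompt again
                            : CRED_LOOKUP; // model of stock: silent re-check
    }

private:
    std::map<std::string, CacheEntry> entries_;
    time_t defaultTtl_;
    bool rechallenge_;
};

// True when the state means the client is sent a new authentication prompt.
bool promptsUser(CredState s) { return s == CRED_CHALLENGE || s == CRED_BANNED; }
```

In this model an expired entry is erased, so the request that follows a re-challenge goes back to the helper rather than being served from the cache.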
