Re: [squid-users] LDAP Auth + Passwd expiry - D'oh

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 27 Jun 2003 10:36:39 +0200

On Friday 27 June 2003 08.14, Frank Fegert wrote:

> I'm not exactly sure why this happened, since in either case the
> effective UID should have been the squid-user, shouldn't it?

Not actually relevant. See the RunCache script.

Daemons should never implicitly depend on non-standard paths (other
than /bin:/usr/bin). If they do then they will fail in one
configuration or another.

> external_acl_type passwd-expired-external ttl=5 concurrency=5
> %LOGIN <path-to>/expire.sh -D <binddn> -b <basedn>\
> -h <ldap-server> -f <ldap-search-filter>
> acl passwd-expired external passwd-expired-external
> http_access deny !passwd-expired
> deny_info ERR_PASSWD_EXPIRED passwd-expired

I think you want to retune the ttl there, and use a margin to start
denying shortly before the set password expires if possible to avoid
accidentally blocking the password.

Suggested ttls for the external_acl_type:

   ttl=1800 negative_ttl=5

and use a negative margin of 30 minutes when determining if the user
needs to change his password.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Fri Jun 27 2003 - 02:37:17 MDT
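
An added example, not part of the original message or of Squid: a minimal external ACL helper that applies the 30-minute margin discussed above, plus a calculation of how long a cached OK could outlive the real expiry for a given ttl and margin. It assumes the simple helper protocol (one %LOGIN value per input line, one OK or ERR per output line); the names and the SAMPLE_EXPIRY table are constructed and stand in for the LDAP lookup that expire.sh performs.

```python
import sys
import time

TTL = 1800      # ttl= value suggested above: seconds Squid caches an OK answer
MARGIN = 1800   # the 30-minute margin, in seconds

# Constructed sample data (login -> expiry as Unix time); a real helper
# such as expire.sh would fetch this from the LDAP directory instead.
SAMPLE_EXPIRY = {"alice": 1_700_007_200, "bob": 1_700_001_200}


def verdict(expires_at, now, margin=MARGIN):
    """Return OK only while the password stays valid beyond the margin."""
    if expires_at is None:          # unknown login: deny
        return "ERR"
    return "OK" if now + margin < expires_at else "ERR"


def cached_ok_overrun(margin, ttl=TTL):
    """Worst-case whole seconds a cached OK can outlive the real expiry.

    The last OK is issued one second before (expiry - margin) and is
    then served from Squid's cache for ttl seconds.
    """
    return max(0, ttl - margin - 1)


def serve(lines, expiry, clock=time.time):
    """Answer each request line (the %LOGIN value) with OK or ERR."""
    for line in lines:
        login = line.strip()
        yield verdict(expiry.get(login), clock())


if __name__ == "__main__":
    for reply in serve(sys.stdin, SAMPLE_EXPIRY):
        # Squid reads one reply line per request; flush so it is not buffered.
        print(reply, flush=True)
```

With ttl=1800 and a margin of 1800 seconds the overrun is zero; with no margin a cached OK can remain in effect for almost the full ttl after the password has expired.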
