On Mon, May 08, 2006 at 02:01:09PM +0200, Christoph Haas wrote:
> On Mon, May 08, 2006 at 07:41:02AM -0400, Michael W. Lucas wrote:
> > I've inherited a Squid 2.5 box that uses Websense for filtering and
> > squid_radius_auth against a Cisco ACS system for authentication.
> >
> > This system asks for your username and password every fifteen minutes.
> >
> > Trying to find where this is set is driving me nuts. I understand
> > that Squid does not provide this function
>
> Not quite right. You can indeed enforce re-authentication. It's just
> lousily documented. See:
>
> http://workaround.org/moin/HowSquidAclsWork#head-d6e6569888d3fc8fd4e0dd2031e09744d2bd38e7
> (Hmm, I should give it a shorter section name. :) )
Thanks for the pointer, that's quite clever. But is there a way to do
this every 15 minutes, instead of by site?
> Another frequent cause of such re-authentications is an erroneous backend.
> The credentials are indeed cached in the browser from from time to time
> Squid checks the backend whether the credentials are still valid. If the
> backend denies that then Squid will ask the user again for the credentials.
> The time that Squid believes the credentials are still valid without
> checking the backend are set in the "auth_param basic credentialsttl"
> parameter.
I'm actually trying to replace this system because of authentication
problems. I wonder if my predecessor introduced intermittent
authentication errors in an effort to create a 15-minute repeat.
(That would be fine, except that sometimes invalid usernames and
passwords are accepted...)
Thanks much!
==ml
-- Michael W. Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org http://www.BlackHelicopters.org/~mwlucas/ "The cloak of anonymity protects me from the nuisance of caring." -Non SequiturReceived on Mon May 08 2006 - 08:21:44 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT