Re: [squid-users] Replay Auth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 23 Nov 2013 23:30:40 +1300

On 23/11/2013 10:33 p.m., FredB wrote:
> Hello,
>
> Do you think I should do a patch for 3.3 ? It should be useful ?
> I'm thinking about a new option like
>
> auth_param basic credentialslogout 2 hours
>

3.3 is already a stable release, meaning brand new options/features are
no longer accepted. The only exception ther eis if some major security
hole is fixed by adding one or backports of existing squid-2 features.
Neither of which seems to applicable here.

FWIW "logout" is not a concept relevant to Squid. Which is perfroming
the simple test of wether the credentials presented on a request are
valid at that particular point of time.

THe use of a credentials cache complicates this somewhat, but logout is
equivalent to TTL in a cache. When the TTL expires the backend gets
re-checked for validity at which time it may decode to start rejecting
them. Which is what some people call "logged out".

I have made some efforts in the 3.4+ series now that key=value
parameters to work towards the helpers providing a more dynamic ttl=N
parameter and have the cache entry use that instead of the fixed config
value. If you want to pick that up and carry it forward it would be great.

Amos
Received on Sat Nov 23 2013 - 10:30:54 MST

This archive was generated by hypermail 2.2.0 : Sat Nov 23 2013 - 12:00:04 MST