Re: proxy_auth

From: David Zanetti <dave2@dont-contact.us>
Date: Sat, 6 Mar 1999 11:26:30 +1300 (NZDT)

On Fri, 5 Mar 1999, Robert Franklin wrote:

> On Fri, 5 Mar 1999 19:16:53 +1300 (NZDT) David Zanetti
> <dave2@earthling.net> wrote:
> > [squid.conf]
> > # TAG: authenticate_ttl
>
> I think that's different, isn't it... doesn't that just let squid cache
> the results of the authenticate_program?

Yes, but then..

> I believe the username/password is resent with each HTTP method, so
> effectively the user is reauthenticated (based on all the 'acl' rules)
> when each object is fetched, data sent, etc.

However, the authenticate program will never see every single HTTP
request, because of the caching I've pointed out. Effectively, that is how
long squid keeps a username/password pair until it reauthenticates it
with the _authenticator_.

Since the question was about time based access, we're presumably
interested in the resolution at which we can provide a 'no you've run out
of time' answer from the authenticator, since squid knows nothing about
this.

.------.-----------------------------------------------------.
| (__) | David Zanetti <dave2@earthling.net> |
| ( oo | Unix Systems Administrator, Wellington City Council |
| /\_| | Moderator, nz.politics.announce |
`------'-----------------------------------------------------'
Received on Fri Mar 05 1999 - 15:09:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:09 MST