RE: PAM module and autentification i Squid

From: Armistead, Jason <armistej@dont-contact.us>
Date: Sun, 23 Apr 2000 08:15:15 -0400

Henrik Nordstrom [mailto:hno@hem.passagen.se] wrote on Friday, 21 April 2000
21:27

>> And after time in authenticate_ttl my re-authentification in not
required?

>The login information is cached in the web browsers. Squid cannot force
>the web browser to reauthenticate.

I used to have a hacked version of Squid 1.1.11 which specifically changed
the REALM portion of the proxy authentication code so that after "normal"
office hours, Squid would append the letters "AH" (After Hours) to the realm
data, and also so that it would append the date to the realm at all times
(e.g. "Apr 23") too. That prevented Internet Explorer (with it's "Save this
password" tick box) from providing access to the proxy unless the password
was entered every day. It also stopped people getting onto the bosses or a
co-worker's PC after hours and surfing with their authentication information
(assuming the regular PC user didn't implement screen saver password or
shutdown their browser before going home)

Bottom line - if the REALM is different, the browser SHOULD ask the user for
a username / password before attempting re-authenticating.

I'll check if this still works on the current IE / Navigator versions and
let you know ...

Jason
Received on Sun Apr 23 2000 - 06:17:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:01 MST