RE: [squid-users] authenticate_ip_ttl_is_strict

From: Koen Van de Velde <koen.vdvelde@dont-contact.us>
Date: Fri, 4 Oct 2002 10:41:10 +0200

Hi,

I 'm pretty newby to Squid, but can tell you that it works on my
configuration.

My config is a bit (but not significant) different from yours :
- I don't use 'authenticate_ip_ttl_is_strict on'
  Does it work at your site when you do not use this option ?
  It 's worth a try, since it is not really necessary to disable users from
sharing there passwords.
- My 'authenticate_ip_ttl' is set to 60 seconds (as suggested in squid.conf)

I'm using :
- Squid2.4stable6
- Msntauth v2.0.3
and this is what happens at our site :
- User1 can logon to computer1 with no problem
- immediately after this: User1 can NOT logon to computer2
- but If User1 on computer1 isn't using its webbrowser for more then 60
seconds,
  then a refresh on the browser of computer2 starts the internet-connection.
  (this is what we want, because we have 'traveling users' in our offices)
  At that time, user1 on computer1 is disconnected
  (and has to wait until user1 on computer2 isn't using its webbrowser for
60 seconds)

Did you check the log-files ?
- /var/log/squid/*
- /var/log/secure

good luck !

Kind regards,
Koen.

> -----Original Message-----
> From: haji din [mailto:ahbh99@yahoo.com]
> Sent: Thursday, October 03 2002 06:07
> To: squid-users@squid-cache.org
> Subject: [squid-users] authenticate_ip_ttl_is_strict
>
>
> hi list,
>
> i want to discourage users from sharing their
> username/password for internet access by restricting
> simultaneous connections from different ip adresses
> with the same username/password; but failed. i still
> be able to connect thru squid from multiple machines
> using a same username/password combination. here is
> part of my squid.conf:
>
> redirect_rewrites_host_header off
> cache_replacement_policy GDSF
> proxy_auth_realm Squid
> authenticate_program
> /opt/squid/libexec/squid/msnt_auth
> authenticate_children 10
> authenticate_ip_ttl_is_strict on
> authenticate_ttl 600 seconds
> authenticate_ip_ttl 600 seconds
> redirect_program /usr/local/bin/squidGuard -c
> /usr/local/bin/squidGuard.conf
> redirect_children 4
> acl localnet src 192.168.0.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
> acl localserver dst 192.168.0.0/255.255.255.0
> acl snmppublic snmp_community public
> acl password proxy_auth REQUIRED
> http_access allow localserver
> http_access allow password
> http_access allow localnet
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
>
> any asistance appreciated.
>
>
>
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
>
Received on Fri Oct 04 2002 - 02:41:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:35 MST