RE: [squid-users] Password resuse

From: khiz code <khizcode@dont-contact.us>
Date: Fri, 14 Feb 2003 22:01:57 -0800 (PST)

Hie

i tried the suggestions
my config is

authenticate_ip_ttl 1 hour
authenticate_ip_ttl_is_strict on

Howvere i have observed that the user name and password can be reused on some
other client machine within the authenticate_ip_ttl time period ??

 have i missed something here?

pls do get back
TIA
Khiz
 

--- Prasanta kumar Panda <prasanta.kumar@wipro.com> wrote:
>
>
> Hi Khiz
>
> Don't use "strict" then.
>
> For 2.4
> authenticate_ip_ttl_is_strict off
>
> For 2.5
> Don't use "-s" for "max_user_ip".
>
> This will prompt for a second time password every time the IP gets
> changed. If some one else is using the username/password of your (valid
> user) the (valid user) will be prompted for password frequently which
> will make him not to share his credential to other. But this will not
> help if you have some sort of tools where you can hardcode the
> credential.
> Reg.
> Prasanta
>
>
>
> -----Original Message-----
> From: khiz code [mailto:khizcode@yahoo.com]
> Sent: Tuesday, February 11, 2003 7:23 PM
> To: Prasanta kumar Panda; squid-users@squid-cache.org
> Subject: RE: [squid-users] Password resuse
>
>
> thanks for the reply
> well this will bind the user to that specific IP address
> what if the (valid user) were to move to another PC during that period
> itself .. i guess im talking non sense
>
> henrick ..any pointers ???
>
> TIA KHiz
>
> --- Prasanta kumar Panda <prasanta.kumar@wipro.com> wrote:
> >
> >
> > Hi Khiz
> >
> > If using 2.4 squid:
> > Just set the time for "authenticate_ip_ttl" and make
> > "authenticate_ip_ttl_is_strict" on ( is default)
> > Ex:
> > authenticate_ip_ttl 2 hour
> > authenticate_ip_ttl_is_strict on
> >
> > For 2.5 Squid
> >
> > authenticate_ip_ttl_is_strict option is served by "acl aclname
> > max_user_ip [-s] number"
> >
> > Use this acl to match and then deny the request. Also you can give a
> > custom error page as supported by 2.5
> >
> > Reg.
> > Prasanta
> >
> >
> >
> > -----Original Message-----
> > From: khiz code [mailto:khizcode@yahoo.com]
> > Sent: Tuesday, February 11, 2003 6:20 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Password resuse
> >
> >
> > Hie gurus
> >
> > i ve got a peculiar requirement
> >
> > after a user authenticates himeslf to squid (using any of the
> > available
> > mechanisms) i need to be able to restrict the user to that particular
> > machine as such time that he is browsing using that machine. SO
> during
> > such time , no other user should be able to use the same user name and
> > password on some other machine ..
> >
> >
> > however once he has logged off (??) , the user name and password can
> > be re used on some other machine
> >
> > I know this is more of a policy issue, wherein passwods should not be
>
> > revealed, but wondering if Technology could do the rescue act :-0)
> >
> > Thanks in advance
> > khiz
> >
> >
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Shopping - Send Flowers for Valentine's Day
> > http://shopping.yahoo.com
> > >
> **************************Disclaimer************************************
> **************
> >
> >
> > Information contained in this E-MAIL being proprietary to Wipro
> > Limited is 'privileged' and 'confidential' and intended for use only
> > by the individual or entity to which it is
> > addressed. You are notified that any use, copying or dissemination of
> the
> > information
> > contained in the E-MAIL in any manner whatsoever is strictly
> prohibited.
> >
> >
> ************************************************************************
> ****************
> >
> >
> >
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Shopping - Send Flowers for Valentine's Day
> http://shopping.yahoo.com
>
> **************************Disclaimer************************************
>
> Information contained in this E-MAIL being proprietary to Wipro Limited is
> 'privileged' and 'confidential' and intended for use only by the individual
> or entity to which it is addressed. You are notified that any use, copying
> or dissemination of the information contained in the E-MAIL in any manner
> whatsoever is strictly prohibited.
>
> ***************************************************************************
> > BEGIN:VCARD
> VERSION:2.1
> N:Panda;Prasanta;Kumar
> FN:Prasanta (prasanta.kumar@wipro.com) (prasanta)
> ORG:Wipro Technologies;IMG-HDC
> TITLE:Sr. Network Analyst
> TEL;WORK;VOICE:+91 40-6565148
> TEL;WORK;VOICE:+91 40-6565000
> ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;Wipro Technologies=0D=0ASurvey #
> 64=0D=0AMadhapur;Hyderabad;Andhra Pradesh=
> ;500033;India
> LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Wipro Technologies=0D=0ASurvey #
> 64=0D=0AMadhapur=0D=0AHyderabad, Andhra Pra=
> desh 500033=0D=0AIndia
> URL;WORK:http://www.wipro.com
> EMAIL;PREF;EX:/o=Wipro/ou=First Administrative
> Group/cn=Recipients/cn=prasanta
> REV:20020725T070827Z
> END:VCARD
>

__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
Received on Fri Feb 14 2003 - 23:02:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:24 MST