Re: [squid-users] max_user_ip doesn't work properly

From: Alexander Kiselev <akiselev@dont-contact.us>
Date: Thu, 27 Mar 2003 10:26:00 +0300

Henrik,

There is actually one user. In Netscape's password prompt I write
"domain\username" in the username field.

In access.log there is the same user, but it comes from different
addresses.

I suppose that the NTLM and Basic helpers hold a user's caches differently,
which is why they don't see each other, but they SHOULD, because this is a
hole that lets users share their passwords and use different browsers
on different computers at the same time.

Any suggestions?

--
Cheers,
Alex
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Alexander Kiselev" <akiselev@mow-co.ru.dhl.com>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, March 27, 2003 2:53 AM
Subject: Re: [squid-users] max_user_ip doesn't work properly
> This is a known problem. To Squid the two users are different users, and
> there is no clear way of matching them.
>
> You also see this symptom in access.log, where the user column shows
> differently.
>
> Regards
> Henrik
>
> Alexander Kiselev wrote:
> >
> > Hi all.
> >
> > On Squid2.5.STABLE2 I found that there is a problem with "acl
> > max_user_ip". I use this feature to limit users to using the Internet
> > from only one PC at a time. It works fine only if the same
> > authentication method is used on both PCs, i.e. NTLM (if users on both
> > PCs use IExplorer) or Basic (if they use any other browsers).
> >
> > My configuration (a part of "squid.conf" file):
> >
> > # All users must log in
> > acl authenticated proxy_auth REQUIRED
> > http_access deny !authenticated
> > deny_info ERR_AUTH_FAILED authenticated
> >
> > # No users may share their login/password with others
> > acl MaxIP max_user_ip -s 1
> > http_access deny MaxIP
> > deny_info ERR_MAX_USER_IP MaxIP
> >
> > # vip_users allowed always
> > acl vip_users proxy_auth "/path/to/vip_users"
> > http_access allow vip_users
> >
> > How can I limit users with the "acl max_user_ip" feature regardless of
> > the browser they use?
> >
> > Thanks.
> >
> > --
> > Cheers,
> > Alex
>
Received on Thu Mar 27 2003 - 00:28:24 MST
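
Added example (not part of the original thread and not Squid code): a log-side check for the situation discussed above, which folds `DOMAIN\user` and `user` into one name and reports accounts seen from more than one client address within a time window. The native access.log field layout, the constructed sample lines, the 300-second window, and the premise that the two schemes' names differ only by a domain prefix or letter case are assumptions of this example.

```python
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Squid's native access.log layout (assumed here):
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1048749960.101 120 10.0.0.11 TCP_MISS/200 4312 GET http://example.com/ CORP\\alice DIRECT/192.0.2.10 text/html
1048749975.420 95 10.0.0.27 TCP_MISS/200 2210 GET http://example.com/a alice DIRECT/192.0.2.10 text/html
1048749990.007 80 10.0.0.11 TCP_HIT/200 1500 GET http://example.com/b CORP\\alice NONE/- image/gif
1048750000.500 60 10.0.0.40 TCP_MISS/200 900 GET http://example.com/c bob DIRECT/192.0.2.10 text/html
1048753700.000 70 10.0.0.41 TCP_MISS/200 900 GET http://example.com/d bob DIRECT/192.0.2.10 text/html
1048753800.000 70 10.0.0.50 TCP_DENIED/407 1700 GET http://example.com/e - NONE/- text/html
"""

def normalize_user(name):
    """Fold 'DOMAIN\\user', 'DOMAIN/user' and 'user@domain' to lowercase 'user'."""
    name = unquote(name).replace("/", "\\")   # tolerate a percent-encoded backslash
    name = name.rsplit("\\", 1)[-1]           # drop the domain prefix
    return name.split("@", 1)[0].lower()      # drop a realm suffix, ignore case

def parse_line(line):
    """Return (timestamp, client_ip, normalized_user) or None if unauthenticated."""
    fields = line.split()
    if len(fields) < 10 or fields[7] == "-":
        return None
    return float(fields[0]), fields[2], normalize_user(fields[7])

def shared_logins(log_text, window=300.0):
    """Map each user seen from more than one IP within `window` seconds to those IPs.
    Assumes the log is in time order; `window` is an illustrative value."""
    last_seen = defaultdict(dict)   # user -> {client_ip: last timestamp}
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        ts, ip, user = record
        last_seen[user][ip] = ts
        active = {a for a, t in last_seen[user].items() if ts - t <= window}
        if len(active) > 1:
            flagged[user] |= active
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    for user, ips in shared_logins(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(ips)}")
```
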
