[squid-users] Authentication required, but not always passed:

From: Michael Wray <mwray@dont-contact.us>
Date: Thu, 31 Mar 2005 10:22:58 -0600

Is the following also true when using other methods of Authentication, I use
ntlm_auth and notice that my logs still show lots of entries without
usernames, this being the case they get sent to the default profile in the
redirector. I do have Auth required but it seems if a station authenticates,
then it isn't asked for credentials each time, since it's not required for
every request, then username is not always passed on to the redirector...is
there a way to force this when IDENTD is not the method for getting userid's?
Is it the same?

To quote the FAQ on Redirectors and identd:

15.7 Redirector interface is broken re IDENT values

I added a redirctor consisting of

#! /bin/sh
/usr/bin/tee /tmp/squid.log

 and many of the redirector requests don't have a username in the ident field.

Squid does not delay a request to wait for an ident lookup, unless you use the
ident ACLs. Thus, it is very likely that the ident was not available at the
time of calling the redirector, but became available by the time the request
is complete and logged to access.log.

 

If you want to block requests waiting for ident lookup, try something like
this:

acl foo ident REQUIRED
http_access allow foo
Received on Thu Mar 31 2005 - 09:21:47 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST