Re: [squid-users] Repeated auth challenges, credentialsttl 8 hour

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Jan 2011 05:40:32 +1300

On 28/01/11 04:26, Jim Moseby wrote:
> Some of my users are getting repeated auth challenges, even though I
> have "auth_param basic credentialsttl 8 hour" in squid.conf. What
> triggers the auth challenge, and how can I configure so my users will
> only be challenged once per 8 hour workday?
>

Triggers when the browser has no credentials stored to send to the
proxy. Or if the credentials it sent were rejected by your ACLs.

The common cause of ACLs triggering popups after good auth has been in
use is group access checks on the end of a deny line. Place "all" at the
end of such lines to prevent existing credentials being re-challenged.

A less common cause if its just a few out of many users may be strange
characters in their login or password. Or UTF binary coding being sent
by their browser.

The only way to prevent popups for all day with Basic is to keep the
browser open at all times. Otherwise normally they can expect one
initial popup when they open a new browser.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Thu Jan 27 2011 - 16:40:37 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 27 2011 - 12:00:03 MST