I am using Squid-2.1 on RedHat 5.2. I started trying to use authentication using the
ncsa_auth program, which works well but doesn't do what I need.

I'm trying to set up squid for use in a public library with computers by our reference
desk. What I want is for the databases and ready-reference material (e.g.
http://www.m-w.com, http://www.thomasregister.com) to be available to anyone who wants
them without any authentication.

I'd like the rest of the net to be available to authenticated users
for say 15 minutes so that someone could look things up quickly. We have a computer
lab where people can sign up for an hour (and stay on forever if no one else comes
in). I'd like to eliminate our current need to kick people out of the lab for people
who just want to look at what's on a single web page and would then leave in five
minutes.

But because many different people will use the machine there are two major
authentication problems.

1. Once an IP address is authenticated it tends to stay authenticated. I turned the ttl
down to 10 minutes. (I assumed that the default of 3600 was in seconds and gave users
an hour.) But I can't find a way for a user to log out, so to speak, from the
proxy-server. Thus if a person who I want to let have unlimited access is done in
5 minutes and leaves, how do I stop someone else from sitting down and having full
access? Note these are Windows machines with no logins of any kind.
This is really a minor problem as it would just give an unauthenticated user a few
minutes.

2. Is there a way of stopping someone from just logging in over and over again? Henrik
Nordstrom suggested delay pools as a way of approximating limiting the total time,
which seems like an overly complicated method. I really think I'm trying to do a
very simple task. I was thinking there must be some way to just intercept the call to
ncsa_auth (or modify it in ncsa_auth) to just flag a login as having been used for the
day. Something on the order of a Perl script or even a shell script front end with
something like

    #!/bin/make-believe-shell-where-stuff-like-works
    if [ -f /tmp/$USERNAME ]; then
        return=ERR
    else {
        touch /tmp/$USERNAME ;
        return= whatever ncsa_auth would've returned.
    }

Of course if there was something in the squid.conf to limit the number of times a user
can login this would be unneeded.
--
Josh Kuperman Saratoga Springs Public Library
[EMAIL PROTECTED] 49 Henry St
518.584.7860x211 Saratoga Springs, NY 12866
http://www.library.saratoga.ny.us
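
The front end sketched in the post above, written out as an added example that is not part of the original message and is not Squid project code. It assumes the basic-auth helper protocol of one "username password" line in and one OK or ERR line out, and that Squid asks the helper again once a cached login passes its ttl; REAL_AUTH, PASSWD_FILE, STATE_DIR and the --serve switch are hypothetical names and placeholder paths.

```shell
#!/bin/sh
# Added example: once-per-day wrapper around a Squid basic-auth helper.
# Assumed protocol: one "username password" line in, "OK" or "ERR" out.
# The three paths below are placeholders, not values from the post.
REAL_AUTH=${REAL_AUTH:-/path/to/ncsa_auth}
PASSWD_FILE=${PASSWD_FILE:-/path/to/passwd}
STATE_DIR=${STATE_DIR:-/path/to/private-state-dir}  # squid user only, mode 0700

# Ask the real helper about one user/password pair; prints OK or ERR.
check_password() {
    printf '%s %s\n' "$1" "$2" | "$REAL_AUTH" "$PASSWD_FILE" 2>/dev/null | head -n 1
}

# Decide one login attempt; prints OK or ERR.
daily_auth() {
    user=$1 pass=$2
    # The name becomes part of a file path: refuse empty names, leading
    # dots and any character that could step outside STATE_DIR.
    case $user in
        ''|.*|*[!A-Za-z0-9._-]*) echo ERR; return 0 ;;
    esac
    marker="$STATE_DIR/$user.$(date +%Y%m%d)"
    # Already used today: refuse without consulting the real helper.
    if [ -e "$marker" ]; then echo ERR; return 0; fi
    # Flag the login only after the password verifies, so a wrong password
    # typed by someone else cannot use up this user's login for the day.
    if [ "$(check_password "$user" "$pass")" = OK ]; then
        # noclobber (set -C) makes the create fail if the marker already
        # exists, so two helper processes cannot both grant the login.
        if ( set -C; : > "$marker" ) 2>/dev/null; then echo OK; else echo ERR; fi
    else
        echo ERR
    fi
}

# Serve Squid only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--serve" ]; then
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
    while read -r user pass; do daily_auth "$user" "$pass"; done
fi
```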