On Mon, 5 Jan 2004, Andrew Nelson wrote:

> > > I'm sure you know about authenticate_ttl and all about the way squid
> > > caches auth detail so it doesn't have to keep bothering the client...
> >
> > This has nothing at all to do with the client.
>
> By client, I meant browser - and it does!

So do I. authenticate_ttl has nothing whatsoever to do with the browser.
It only controls the interaction between Squid and the specified auth
helper Squid is using to verify the validity of the password.

> So during the time between squid sending the browser a 407 (or checking
> the details from the auth header) where does it store the list of
> client addresses or whatever (authenticating programs) that are ok?
> Where does squid store this and how?

Squid sends a 407 if authentication is required and the request does not
carry valid login credentials in its headers.

Between requests Squid stores:

  Login
  Password
  Last time the password was verified to be correct

to avoid having to ask the helper on each and every request if the
password is still valid.

And to support the max_user_ip ACL there is also a list of IP addresses
from where this login has been seen and when an authenticated request as
this user was last seen from that IP address.

Regards
Henrik
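
An added illustration, not part of the message above and not Squid source code: a small Python model of the per-login state the reply lists (login, password, last verification time, per-IP last-seen times). The class and method names, the TTL values, and the expiry of idle IP entries are assumptions made for the example.

```python
import hmac
import time

class AuthCache:
    """Toy model of the cached per-login state (hypothetical, not Squid code)."""

    def __init__(self, helper, ttl=3600, ip_ttl=300, clock=time.monotonic):
        self.helper = helper    # callable(login, password) -> bool; stands in for the auth helper
        self.ttl = ttl          # seconds a verified password is trusted (assumed value)
        self.ip_ttl = ip_ttl    # seconds an idle IP stays listed (assumed behaviour)
        self.clock = clock
        self.users = {}         # login -> {"password", "verified_at", "ips": {ip: last_seen}}

    def check(self, login, password, ip):
        """Return "OK", or "407" when the request lacks valid credentials."""
        if login is None:
            return "407"        # no credentials in the request headers
        now = self.clock()
        entry = self.users.get(login)
        fresh = (entry is not None
                 and hmac.compare_digest(entry["password"].encode(), password.encode())
                 and now - entry["verified_at"] < self.ttl)
        if not fresh:
            # Only at this point is the helper asked; the browser sent the
            # same headers either way and cannot tell the difference.
            if not self.helper(login, password):
                return "407"
            ips = entry["ips"] if entry else {}
            entry = self.users[login] = {
                "password": password, "verified_at": now, "ips": ips}
        # Drop addresses not seen recently, then record this one.
        entry["ips"] = {a: t for a, t in entry["ips"].items()
                        if now - t < self.ip_ttl}
        entry["ips"][ip] = now
        return "OK"

    def ip_count(self, login):
        """Distinct recent IPs for a login; a max_user_ip-style check compares this to its limit."""
        now = self.clock()
        ips = self.users.get(login, {"ips": {}})["ips"]
        return sum(1 for t in ips.values() if now - t < self.ip_ttl)
```
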
