Hello Folks,
 
Basic authentication. Same user must use different usernames from the same IP 
in quick succession for role determination purposes.
 
I have this:
 
authenticate_ttl 1 seconds
authenticate_ip_ttl 1 seconds
auth_param basic credentialsttl 1 seconds
 
I read from Henrik's old posts that authenticate_cache_garbage_interval is not 
that important for user interaction. So I left that at default. I am also not 
limiting with max_user_ip acl so authenticate_ip_ttl has no relevance either as 
far as I can guess.
 
This works fine, user can specify a new username and login with that. When I 
left these values at defaults, user would specify a new user/pass, but squid 
was still using his old user in its operations.
 
The problem is: squid accepts the old password of the new username. For example, 
if I type user1/pass1, browse, close browser. Open, type user2/pass1, access is 
still granted. What is controlling this?
 
When I was reading about the issue, Robert seemed to have written a book 
explaining authenticate_ttl and credentialsttl. Thanks to him for that. 
Of course, it all sounded Greek to me. Can someone explain to us the relation of 
these values on regular user interaction? Yes, browsers cache credentials and 
they must be sent to squid on each request. We know this part.
 
Also, isn't keeping these values so low going to be overkill on squid? I have 
some users that use static usernames. What settings would give best of both 
worlds?
 
Thanks in advance for your time.
 
Jenny
 
 
 
 
                                          