Re: [squid-users] authenticate_ttl warning

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 12 Jun 2001 23:21:38 +0200

Mads Rasmussen wrote:

> Now another oddity is strugling me, I would like to configure the
> authenticator to cache the user/passwd only for a specific amount of time. So
> that if a user leaves his machine on for lunch he would have to authenticate
> again when returning.

Which will be a bit hard to do within HTTP. This is a issue in how
browsers manages the user login informtion, not actually up to proxies
to decide upon.

The browser logs in to the proxy on each and every request, but only
queries the user once during the lifetime of the browser session (i.e.
until the user fully closes his browser).

> What is recommended for the authenticate_ttl tag?

Default is fine in most setups.

> WARNING: No units on 'authenticate_ttl 3600', assuming 3600.000000 second
>
> Even though the new manual on http://squid.visolve.com for 2.4st1 tells that
> the syntax is exacly that

squid.visolve.com is NOT a authorative resource for Squid. It is notes
collected by visolve.

The authorative reference is squid.conf.default after installing the
Squid version in question.

# TAG: authenticate_ttl
# The time a checked username/password combination remains cached.
# If a wrong password is given for a cached user, the user gets
# removed from the username/password cache forcing a revalidation.
#
#Default:
# authenticate_ttl 1 hour

Note: This cache is between Squid and the auth helper. To the browser
there is no difference if the user is in the cache or not, except
possibly a slight speed difference..
Received on Tue Jun 12 2001 - 15:53:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:43 MST