Re: [squid-users] Trying to authenticate a user only once per working day

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 21 Dec 2009 15:55:21 +1300

Mike Marchywka wrote:
>
>> Rodrigo Castanheira wrote:
>>> Hi,
>>>
>>> I wish to authenticate (NTLM) our users only once per working day:
>>>
>>> authenticate_ip_shortcircuit_ttl 8 hours
>>>
>>> When the user browses for the first time, he will be authenticated and his
>>> IP will be cached so that, for the next 8 hours, Squid believes that
>>> requests coming from this IP belong to that user. Now comes the tricky part:
>>> if that user logs off and somebody else logs in before those 8 hours expire,
>>> Squid would mistakenly associate the same IP with the previous identity.
> Anyway to use cookies here?
>

Sorry for not thinking of this earlier...

http://www.squid-cache.org/Versions/v3/3.0/manuals/squid_session

The example uses %LOGIN, but any of the available keys are usable.
http://www.squid-cache.org/Doc/config/external_acl_type/

Cookies themselves are not a good choice for middle-ware since each
website visited is likely to alter the cookie header. But a combo of
others might work just as well.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.15
Received on Mon Dec 21 2009 - 02:55:39 MST

This archive was generated by hypermail 2.2.0 : Mon Dec 21 2009 - 12:00:02 MST