Re: [squid-users] periodic user re-authentication via Radius

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 20 Mar 2007 13:02:25 +0100

ons 2007-03-14 klockan 15:37 -0400 skrev Michael W. Lucas:
> Hi,
>
> We have a need to force users to re-authenticate to the Web
> periodically. Squid doesn't support this, because of how the browser
> caches credentials. So I'm having our external Radius auth helper
> handle this for us. As this seems to be a FAQ, I'm sharing the script
> here.

You can do something similar with the session external acl helper,
periodically denying access. To do this use the helper in the automatic
mode, and have a relatively small session timeout smaller than the ttl
specified in external_acl_type.

But be warned that some browser automatically retries the cached
credentials a couple of times before asking the user to authenticate
again. Also, in most browsers it's sufficient to just cancel the login
box and try again..

Regards
Henrik

Received on Tue Mar 20 2007 - 06:02:34 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT