Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

From: Wim Ramakers <wim.ramakers_at_lucine-os.be>
Date: Thu, 20 Feb 2014 15:39:00 +0100

I now have implemented FredB’s idea into my own basic helper in php, which says ERR when the credential expire date time is in the past. That seems to work also for iPads :)
That expire date time can be set (to now + xx min) via a php page and correct credentials.

Working fine, except for the fact that I now want to present the user the page to activate his credentials every 30min…

My target workflow is that when a user tries to access a page he is not allowed to he will FIRST get the credential expire time update page where he can activate a ticket for a specified time THEN when he tries again he must get the basic auth popup where his credentials will work now. The user may not first get the auth popup and need to know by himself he has to go to the credential expire time update page first. I’ve tried some deny and allow rules with my acl's, but can’t find the good combination. If I could have the user redirect automatically to the credential expire time update page every xx minutes, that would solve my problem.

Another question: the debian package of squid I use is v3.1.20, which has the old session helper and only has only -t (timeout time) and not -T (always after time) parameter. Is it possible to just add the new helper to my squid version (can i download it from somewhere?)?

Or should I just make my own external helper for the sessions? in the basic auth helper i get the username and password, but what do i get with the external helpers? just the name? When do I return which value?

Wim
Received on Thu Feb 20 2014 - 14:39:27 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 21 2014 - 12:00:06 MST