Re: V : Authentication:the same userid from only one station at a time

From: David Luyer <[email protected]>
Date: Tue, 16 Feb 1999 18:53:49 +0800

> Please CC me your answers - this is a very interesting question...
>
> Thanks.
>
> Peter
>
> > Is there anyone who knows how can I force Squid 2.1 P2 to let one userid
> > to be used only from one client at the same time?
> >
> > Thanks
>

Basically - HTTP has no concept of a 'session'. You really can't determine
when someone has 'logged out' of a station and 'logged in' to the next one,
or when you're seeing requests from two people using the same userid. How do
you know their station didn't just crash and they didn't just log into the
one next to it, 2 seconds after their last HTTP request?

However, using the external authentication, you could have some way of
establishing a 'session' between the user workstation and the cache.
If you did this, then you could require that a workstation was in some
way registered as the current workstation for a particular user before you
permit them access. I don't know if this is possible at present, from memory
the client IP address isn't passed to the external authenticator. But making
that happen is no less coding than making an external authenticator which only
authenticates for a registered 'session', and working out how the clients are
going to register a 'session' (via a CGI script or special-purpose
application?).

However - basically - I think that this will create more problems than it is
worth, and if you have problems with people using multiple workstations
concurrently, you can probably best detect this from intelligently
post-processing the logs and best deal with it by talking to, or locking
accounts of (depending on site policy) the users.

David.
Received on Tue Feb 16 1999 - 03:59:07 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:34 MST