Authentication ttl and other security questions.

From: Josh Kuperman <[email protected]>
Date: Fri, 26 Feb 1999 10:54:04 -0500

Three questions:

I changed the setting for autheticate_ttl to

authenticate_ttl 300

which I thought would force me to authenticate again after about
five minutes.

I also have set up

authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd #on one line in squid.conf
acl passwd proxy_auth 300

Yet no matter what I am not forced to authenticate myself again after five minutes. What did I miss?

--
I have tested squid by trying to set up machines to use the proxyserver that should not be allowed. They cannot use the server but they get an error message which clearly shows that they have connected to a machine that is running squid. Is there a way to make it look to outside excluded machines like there is nothing there. This would be easiest if it was just a setting in squid.conf, but even using tcp_wrappers (or some other program would be fine). I'd like to know who was trying and when. But I want it to look to them like there is nothing here; I don't want to give them info before they are turned away.
-- 
Slightly off topic. I have noticed this messages - I changed the timestamp and IPs to x's.
x.x.x.x.x TCP_DENIED/407 1764 GET http://channels.real.com/getlatest.glh? - NONE/- text/html
I am using Netscape, and the IP is my machine. It constantly trying to connect to a real.com? What is going wrong?
--
Josh Kuperman        Saratoga Springs Public Library
sar_kuper@sals.edu   49 Henry St  
518.584.7860x211     Saratoga Springs, NY 12866
http://www.library.saratoga.ny.us 
Received on Fri Feb 26 1999 - 09:04:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:45 MST