RE: Authentication ttl and other security questions.

From: Mike Wohlgemuth <[email protected]>
Date: Fri, 26 Feb 1999 11:36:28 -0500

> -----Original Message-----
> From: Josh Kuperman [mailto:sar_kuper@sals.edu]
>
> Three questions:
>
> I changed the setting for authenticate_ttl to
>
> authenticate_ttl 300
>
> which I thought would force me to authenticate again after about
> five minutes.
>
> I also have set up
>
> authenticate_program /usr/local/squid/bin/ncsa_auth
> /usr/local/squid/etc/passwd #on one line in squid.conf
> acl passwd proxy_auth 300
>
> Yet no matter what I am not forced to authenticate myself
> again after five minutes. What did I miss?

You are forced to authenticate every time you request a page. The reason
you don't get prompted every time is that your browser caches the
authentication information and sends it with each request. The timeouts in
the squid.conf just affect how long squid caches the authentication
information. When you authenticate to squid, it remembers the username and
password that worked before. If you set the timeout to 5 minutes, it will
only remember the username and password for five minutes, and after that
will pass that info back through your authenticate_program.

>
> Slightly off topic. I have noticed this message - I changed
> the timestamp and IPs to x's.
>
> x.x.x.x.x TCP_DENIED/407 1764 GET http://channels.real.com/getlatest.glh? - NONE/- text/html
>
> I am using Netscape, and the IP is my machine. It is constantly trying to
> connect to a real.com? What is going wrong?

Most likely you have RealPlayer G2 running in your system tray. It doesn't
know how to do proxy authentication. I noticed that machines that had
installed RealPlayer prior to my requiring authentication kept trying every
minute even though they were always getting rejected. I could not get fresh
installs after I required authentication to mimic this.

Woogie
Received on Fri Feb 26 1999 - 09:30:02 MST
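
The behaviour described in the reply above, as an added example that is not part of the original message and not Squid's own code: a simplified model in which the proxy checks credentials on every request but only calls the helper when its cached result is older than the TTL. The class, the account and the timestamps are constructed for illustration.

```python
import base64

class ProxyAuthModel:
    """Simplified model of the behaviour in the reply (assumption, not Squid's code)."""

    def __init__(self, ttl, passwd):
        self.ttl = ttl              # plays the role of authenticate_ttl (seconds)
        self.passwd = passwd        # stand-in for the ncsa_auth password file
        self.cache = {}             # (user, password) -> time the helper accepted it
        self.helper_calls = 0

    def _helper(self, user, password):
        # Stand-in for authenticate_program: the only real credential check.
        self.helper_calls += 1
        return self.passwd.get(user) == password

    def handle(self, now, proxy_authorization=None):
        """Return the HTTP status the proxy would send for one request."""
        if not proxy_authorization:
            return 407              # no credentials sent: the browser must prompt
        scheme, _, blob = proxy_authorization.partition(" ")
        if scheme.lower() != "basic":
            return 407
        try:
            user, _, password = base64.b64decode(blob).decode().partition(":")
        except Exception:
            return 407              # malformed header
        key = (user, password)
        accepted_at = self.cache.get(key)
        if accepted_at is not None and now - accepted_at < self.ttl:
            return 200              # cached result still fresh: helper not consulted
        self.cache.pop(key, None)
        if self._helper(user, password):
            self.cache[key] = now
            return 200
        return 407

def simulate():
    proxy = ProxyAuthModel(ttl=300, passwd={"josh": "s3cret"})  # constructed account
    header = "Basic " + base64.b64encode(b"josh:s3cret").decode()
    results = [proxy.handle(0)]                  # first request carries no header
    # From here on the browser resends the cached header; the user sees no prompt.
    for t in (1, 120, 299, 301, 400, 700):
        results.append(proxy.handle(t, header))
    calls_before = proxy.helper_calls
    proxy.passwd["josh"] = "changed"             # password changed after t=700
    results.append(proxy.handle(800, header))    # old password, cache still fresh
    results.append(proxy.handle(1100, header))   # cache expired, helper rejects
    return results, calls_before, proxy.helper_calls
```

In this model the TTL bounds how long a changed or revoked password keeps working at the proxy; it never causes a prompt while the stored credentials remain valid.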
