Re: [squid-users] authenticate_ttl not working

From: Henrik Nordstrom <[email protected]>
Date: Mon, 9 Dec 2002 01:39:04 +0100

As I said previously: the browser reauthenticates to Squid on each and
every request, even if the user only sees one login question.

The purpose of authenticate_ttl does exacly what you want here: It
controls how often your backend database will be queried if this user
is still valid.

It however has nothing to do with how often the user will se a login
question, other than that user will receive a new login question when
your system determines that his login is no longer valid, and he will
then only be able to log in again when your backend system indicates
the login is valid.

However, for practical reasons I would recommend using external_acl
for quota management. Using external_acl allows you to send a proper
error message to the user explaining why he is no longer given access
instead of suddently refusing the login as if the password was
invalid. external_acl lookups have a similar ttl mechanism
controlling how often the backend database is queried for validity.

Another problem you need to solve is quota accounting. How you account
for a users usage of the proxy. But if all you want to account is
"time from first request" then it should be pretty trivial to
implement using a SQL backend database.

You will need to do some programming for writing the helper that
connects Squid to your SQL database for accounting and authorization,
but not very much.

If you also want to use the SQL database for authentication then some
programming will be required for a similar helper verifying the users
password to your SQL database.

Regards
Henrik

On Sunday 08 December 2002 23.57, Lee, Jason wrote:
> We are trying to setup a quota system so that each our it checks
> and get the user to re-authenticate. If the quota limit has passed
> then the user is not allow back in. If I don't get the user to
> re-authenticate then how else would I check against the quota
> database. I am wanting to run a SQL Server database on a second
> server and a web interface for quota management in .NET.
>
> Any suggestions appreciated.
>
> Jason
Received on Sun Dec 08 2002 - 17:39:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:55 MST