[squid-users] probable Bug???

From: khiz code <[email protected]>
Date: Sat, 15 Feb 2003 00:03:53 -0800 (PST)

Hi all,
I was trying out the ip_authenticate_strict option.
I've observed the following:

1> If a second user from a different IP tries to authenticate with the proxy, he
is denied access if he enters the **correct** user name/pwd combination (as
expected).
However, if he gives the **wrong** username/pwd combination and then
**subsequently tries the correct one**, he is GRANTED access. At the same time
the previously validated user is kicked off and forced to reauthenticate???

Is there a patch available for this for 2.4 Stable 6? I don't want to upgrade
to 2.5 as of now ......

TIA
Khiz

--- khiz code <khizcode@yahoo.com> wrote:
> Hi
>
> I tried the suggestions.
> My config is
>
> authenticate_ip_ttl 1 hour
> authenticate_ip_ttl_is_strict on
>
> However, I have observed that the user name and password can be reused on some
> other client machine within the authenticate_ip_ttl time period ??
>
>
> Have I missed something here?
>
> Please do get back
> TIA
> Khiz
>
>
> --- Prasanta kumar Panda <prasanta.kumar@wipro.com> wrote:
> >
> >
> > Hi Khiz
> >
> > Don't use "strict" then.
> >
> > For 2.4
> > authenticate_ip_ttl_is_strict off
> >
> > For 2.5
> > Don't use "-s" for "max_user_ip".
> >
> > This will prompt for the password a second time every time the IP gets
> > changed. If someone else is using the username/password of your (valid
> > user), the (valid user) will be prompted for the password frequently, which
> > will make him not share his credentials with others. But this will not
> > help if you have some sort of tool where you can hardcode the
> > credentials.
> > Reg.
> > Prasanta
> >
> >
> >
> > -----Original Message-----
> > From: khiz code [mailto:khizcode@yahoo.com]
> > Sent: Tuesday, February 11, 2003 7:23 PM
> > To: Prasanta kumar Panda; squid-users@squid-cache.org
> > Subject: RE: [squid-users] Password resuse
> >
> >
> > Thanks for the reply.
> > Well, this will bind the user to that specific IP address.
> > What if the (valid user) were to move to another PC during that period
> > itself .. I guess I'm talking nonsense
> >
> > henrick .. any pointers ???
> >
> > TIA KHiz
> >
> > --- Prasanta kumar Panda <prasanta.kumar@wipro.com> wrote:
> > >
> > >
> > > Hi Khiz
> > >
> > > If using 2.4 squid:
> > > Just set the time for "authenticate_ip_ttl" and make
> > > "authenticate_ip_ttl_is_strict" on ( is default)
> > > Ex:
> > > authenticate_ip_ttl 2 hour
> > > authenticate_ip_ttl_is_strict on
> > >
> > > For 2.5 Squid
> > >
> > > authenticate_ip_ttl_is_strict option is served by "acl aclname
> > > max_user_ip [-s] number"
> > >
> > > Use this acl to match and then deny the request. Also you can give a
> > > custom error page as supported by 2.5
> > >
> > > Reg.
> > > Prasanta
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: khiz code [mailto:khizcode@yahoo.com]
> > > Sent: Tuesday, February 11, 2003 6:20 PM
> > > To: squid-users@squid-cache.org
> > > Subject: [squid-users] Password resuse
> > >
> > >
> > > Hi gurus
> > >
> > > I've got a peculiar requirement.
> > >
> > > After a user authenticates himself to squid (using any of the available
> > > mechanisms) I need to be able to restrict the user to that particular
> > > machine at such time that he is browsing using that machine. So during
> > > such time, no other user should be able to use the same user name and
> > > password on some other machine ..
> > >
> > >
> > > However, once he has logged off (??), the user name and password can
> > > be reused on some other machine.
> > >
> > > I know this is more of a policy issue, wherein passwords should not be
> > > revealed, but wondering if Technology could do the rescue act :-0)
> > >
> > > Thanks in advance
> > > khiz

Received on Sat Feb 15 2003 - 01:03:59 MST
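
Added example, not part of the thread and not Squid source code: a small Python model of the one-user-one-IP binding discussed above, replaying the login sequence from the 15 Feb message so the expected strict-mode outcome can be checked (a failed login must not release or move the binding). The class and function names, the user, password and IPs are made up, and counting the TTL from the last accepted request is an assumption of the model.

```python
# Added model, not Squid source: one user may be bound to one client IP for `ttl` seconds.
class UserIpBinding:
    def __init__(self, ttl, strict, passwords):
        self.ttl = ttl              # seconds, like authenticate_ip_ttl
        self.strict = strict        # like authenticate_ip_ttl_is_strict
        self.passwords = passwords  # stand-in for the real auth helper
        self.bound = {}             # user -> (ip, time of last accepted request)

    def bound_ip(self, user, now):
        entry = self.bound.get(user)
        if entry is None or now - entry[1] >= self.ttl:
            return None             # no binding, or it has expired
        return entry[0]

    def request(self, user, password, ip, now):
        # A failed login returns before any binding state is read or written.
        if self.passwords.get(user) != password:
            return "bad_credentials"
        current = self.bound_ip(user, now)
        if current is not None and current != ip and self.strict:
            return "denied_other_ip"    # binding is neither moved nor refreshed
        # First login, same IP, expired binding, or non-strict takeover.
        self.bound[user] = (ip, now)
        return "ok"


def replay_thread_sequence(strict=True):
    # Constructed sample: user, password and documentation-range IPs are made up.
    proxy = UserIpBinding(ttl=3600, strict=strict, passwords={"alice": "s3cret"})
    first, second = "192.0.2.10", "192.0.2.20"
    steps = [
        (first, "s3cret", 0),      # first user logs in
        (second, "s3cret", 60),    # second IP, correct password
        (second, "wrong", 120),    # second IP, wrong password
        (second, "s3cret", 180),   # second IP, correct password again
        (first, "s3cret", 240),    # first user keeps browsing
        (second, "s3cret", 3900),  # second IP after the TTL has run out
    ]
    results = [proxy.request("alice", pw, ip, t) for ip, pw, t in steps]
    return results, proxy.bound_ip("alice", 3900)


if __name__ == "__main__":
    print(replay_thread_sequence(strict=True))
    print(replay_thread_sequence(strict=False))
```

The same sequence of requests can be run by hand against a test proxy and compared step by step with the strict-mode result of the model.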

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:24 MST