Re: [squid-users] Basic authentication and auth_param basic credentialsttl

From: <egobrc_at_gmail.com>
Date: Sat, 8 Jun 2013 13:07:08 +0200

Thanks for the explanation, it is clear now. So I need to set up an
OS/Browser-side credential retention, like storing them in the browser
or a single-sign-on system.

2013/6/8 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 8/06/2013 3:32 a.m., egobrc_at_gmail.com wrote:
>>
>> Hi everybody,
>> I have configured Squid (v. 3.1.19) to authenticate against a Samba
>> (v. 3.6.3) domain, using smb_auth auth param basic program. Thanks to
>>
>> http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg638539.html
>> I edited smb_auth.sh and now the authentication works smoothly, but
>> now I have a doubt about how auth_param basic credentialsttl directive
>> works.
>> I set it to 8 hours, but each time an user closes the browser and
>> re-opens it, the login popup appears; I have also tried
>> authenticate_ttl directive, but the result is the same. Is it a
>> work-as-intended? Credentials are cached until the browser is opened?
>> Thank you in advance.
>
>
> HTTP requires browser to deliver credentials on *every* request to Squid.
> The Squid settings just control how often those credentials are passed to
> the backend for verification, and how often Squid short-circuits the
> authentication using earlier credentials.
>
> Browser popups are *entirely* a browser feature about where its getting
> credentials in thforst place, nothig to do with Squid. A popup is usually a
> sign that the browser is unable to locate *any* credentials that are usable.
>
> Amos
Received on Sat Jun 08 2013 - 11:07:50 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 08 2013 - 12:00:03 MDT