On 18/02/2014 5:43 a.m., Scott Mayo wrote: > On Mon, Feb 17, 2014 at 10:39 AM, Wim Ramakers > <[email protected]> wrote: >> I forgot to paste the line in the first post, I’ve set >> authenticate_cache_garbage_interval 5 minutes. >> >> Even after an hour I stayed authenticated, so I’ve changed it also to a >> lower value. > > > I am curious to this also then. I wonder if that is the browser. Is > there a setting for how often a browser asks for authentication? > > My assumption would be that the browser asks Squid for authentication. > Once it is authenticated with your LDAP, then it will not have to > authenticate again until the browser asks again. I may be totally > wrong though. >
I think you are misunderstanding the authentication model in a big way. The browser is only asking Squid for access to a resource (via its URL). In a properly working authentication system the user will only be asked for credentials 0 or 1 times *total*. This goes for all authentication types. http://wiki.squid-cache.org/Features/Authentication#How_does_Proxy_Authentication_work_in_Squid.3F The behaviour you are seeing is because the credentials are still valid in the authentication database. NP: browsers do not provide any logout mechanism to users. The above wiki page has an example of ACL configuration to force a change of credentials. Amos
