[squid-users] Force LDAP groups to de-authenticate?
Dan Purgert
dan at djph.net
Sat Jul 4 17:43:14 UTC 2015
On July 4, 2015 2:57:20 AM EDT, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>On 4/07/2015 6:08 a.m., Dan Purgert wrote:
>> I'm setting up a squid proxy with LDAP user/group authentication, and
>so
>> far have been able to sort out the problems I've run into with a
>little
>> help from google and caches of the various squid mailing lists.
>>
>> Currently, it's in a mostly working state for nearly everything (i.e.
>
>> user authentication, allowed/blocked based on what group a user
>belongs
>> to, client pc auto-updates, etc.). However, I can't figure out how
>to
>> force a user to re-authenticate after a set interval of time (say 30
>> mintues).
>
>
>What exact use-case is this for?
> students logged in only for a class period?
> access differences between class and break times?
> something else?
>
>As Dan mentioned HTTP authentication alone will not do this. Since HTTP
>is stateless the browser is *already* re-authenticating on every single
>request. The user has no interaction. The auth TTLS are just to ensure
>Squid has accurate info about the credentials in its auth cache for the
>backend part.
>
>What you can do is use an external ACL helper to allow/reject based on
>any criteria you code/script it for.
>
>Amos
>
>_______________________________________________
>squid-users mailing list
>squid-users at lists.squid-cache.org
>http://lists.squid-cache.org/listinfo/squid-users
Yes, it's a "allow sites ABC for class time" and "allow xyz for break".
The acls work already for "class" ... am looking for a way to give "on the fly" breaks. If that's not possible, I can work out something else (e.g. define a time based acl from say 2-3 pm or something). I was just hoping to be able to be less heavy-handed than that.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the squid-users
mailing list