[squid-users] Force LDAP groups to de-authenticate?
Jason Haar
Jason_Haar at trimble.com
Sat Jul 4 05:07:27 UTC 2015
On 04/07/15 06:08, Dan Purgert wrote:
> I need to kick the users and force a re-
> auth, as this is for a school environment.
You can't really do that with proxy authentication methods. Once a
browser has successfully authenticated, it remembers that - so even if
you flush the server cache, all that happens is the browser sends the
cached credentials it has and the server revalidates: the user doesn't
even know it's happened
The only way I can think of that will serve your purposes is to move to
a "portal" solution instead. ie don't use proxy authentication - instead
block Internet and redirect port 80 requests to a captive portal, force
people to login there, then that action whitelists their Internet access
for the next 'n' minutes, after that time expires, they are pushed back
to the portal page again
...but that will require a different product - something like pfsense
comes to mind
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the squid-users
mailing list