[squid-users] Force LDAP groups to de-authenticate?

Amos Jeffries squid3 at treenet.co.nz
Sat Jul 4 06:57:20 UTC 2015


On 4/07/2015 6:08 a.m., Dan Purgert wrote:
> I'm setting up a squid proxy with LDAP user/group authentication, and so 
> far have been able to sort out the problems I've run into with a little 
> help from google and caches of the various squid mailing lists. 
> 
> Currently, it's in a mostly working state for nearly everything (i.e. 
> user authentication, allowed/blocked based on what group a user belongs 
> to, client pc auto-updates, etc.).  However, I can't figure out how to 
> force a user to re-authenticate after a set interval of time (say 30 
> minutes).


What exact use-case is this for?
 students logged in only for a class period?
 access differences between class and break times?
 something else?

As Dan mentioned, HTTP authentication alone will not do this. Since HTTP
is stateless the browser is *already* re-authenticating on every single
request. The user has no interaction. The auth TTLs are just to ensure
Squid has accurate info about the credentials in its auth cache for the
backend part.

What you can do is use an external ACL helper to allow/reject based on
any criteria you code/script it for.

Amos
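
An added example, not part of the original post and not code shipped with Squid: a minimal external ACL helper that answers OK or ERR depending on how old a login's session is. The policy (a session starts at the first request, and the first request after 30 minutes is rejected and clears it), the names session_age and fresh_session, and the helper path are all assumptions.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: reject a login once its session is too old.

Assumed squid.conf wiring (names and path are hypothetical):
  external_acl_type session_age ttl=0 negative_ttl=0 %LOGIN /usr/local/bin/session_age.py
  acl fresh_session external session_age
  http_access deny !fresh_session
"""
import sys
import time
from urllib.parse import unquote

MAX_AGE = 30 * 60  # seconds a session may last (the 30 minutes asked about)


def decide(user, now, sessions, max_age=MAX_AGE):
    """Return "OK" or "ERR" for one lookup and update the session table.

    Assumed policy: the first request from a login starts its session; the
    first request after max_age is rejected and the session is forgotten, so
    the request after that starts a new one.
    """
    if not user or user == "-":          # treat a missing value as "no login"
        return "ERR"
    started = sessions.get(user)
    if started is None:
        sessions[user] = now             # new session begins now
        return "OK"
    if now - started < max_age:
        return "OK"
    del sessions[user]                   # expired: reject once, then start over
    return "ERR"


def main():
    sessions = {}                        # login -> session start (in memory only)
    for line in sys.stdin:               # one lookup per line, no concurrency channel
        fields = line.split()
        user = unquote(fields[0]) if fields else ""
        sys.stdout.write(decide(user, time.time(), sessions) + "\n")
        sys.stdout.flush()               # Squid waits for each answer


if __name__ == "__main__":
    main()
```

The session table lives in one helper process, so this sketch assumes a single helper child; with several children the state would have to move to a shared store.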


