[squid-users] Basic auth - cache credentials
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 5 23:52:58 UTC 2016
On 6/01/2016 5:16 a.m., Berkes, David wrote:
> Hello - My goal is to cache any user credentials from a browser once
> for a period of time without prompting the user browser to ask for
> them until a certain time period has passed (i.e., enter them once
> and again after 8 hours pass). Is there a method to do this? I have
> read about (credentialsttl) and (authenticate_ttl), but not sure if
> this can be accomplished.
No and "it already is happening".
The situation is that:
* HTTP is stateless and multiplexed. This requires that the credentials
be sent on every request.
* The browser is responsible for remembering that credentials are
required for the proxy and which credentals to send.
* Squid just acts as a relay of those credentials to the authentication
backend.
Caching credentials in Squid does not remove the HTTP requirement that
the browser send credentials on every request. All it can do is prevent
Squid needing to re-check them with the backend auth system for a time
(ie the helper lookup). That is what the "auth_param basic
credentialsttl" does. The default is 1 hour between re-checks with the
backend.
If you are getting constant popups something is very wrong with your
setup. There should only ever be 0 or 1 popup displayed, regardless of
which authentication is being done.
We will need to see your squid.conf to help in any more detail.
Amos
More information about the squid-users
mailing list