RE: [squid-users] External Authenticator help!
On Sun, 11 Apr 2004, Prash wrote:
> I have now completed my perl script and is working fine on squid. Now since
> I've set a lifetime (say 30 min) for each user, I want squid to invoke my
> script and check the HA1 value every 5 min (say) regardless of whether user
> was browsing or not. Is this possible or do I have to do something in my
> script itself?[/color]
Good question. Have not spent much time with the Digest scheme..
Looking.. no, there does not seem to be a credentials ttl parameter in the
Digest scheme. This needs to be added for doing what you want.
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 5 minutes
> auth_param digest nonce_max_count 50
> ] * I don't think these params will do anything for me??[/color]
The nonce is a different aspect, related to sessions, not passwords.
> authenticate_cache_garbage_interval 10 minutes
> authenticate_ttl 1 minute
> ] * authenticate_ttl expiry should invoke my script provided the user is not
> hammering the internet and not expiring 1 min. Probably I should change it
> to seconds.[/color]
authenticate_ttl could work. Not exacly optimal however.. if using this
you also loose the IP relation (max_user_ip) etc..
I would recommend looking into having a credentials ttl parameter added to
the digest scheme like how it is in the basic scheme. Should not be hard
to add. Contact me via the squid-dev list if this interests you.
> Also, does squid support fancy error pages? I want fancy html style sheets
> etc to hook into existing error pages in /etc/squid/errors.[/color]
It is just HTML pages.. you can add whatever you please to the Squid
errors, or even add your own pages. Adding your own is very useful for
different "access denied" messages in different conditions. See the FAQ
on how to write custom error pages.