> 
> William, to be more clear, this patch is not related at all to the 
> authenticate_ttl directive.
> authenticate_ttl doesn't work with Digest, but with basic and maybe another 
> (ntlm, kerberos?); there is no precision here 
> http://www.squid-cache.org/Doc/config/authenticate_ttl/
> 
> The patch works like this:
> 
> At first banner Squid stores the login/password HASH 
> http://en.wikipedia.org/wiki/Digest_access_authentication 
> http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication 
> 
> When nonce is stalled (nonce_max_count reached) the helper compares the 
> account stored in memory with a request to Ldap or/and when the nonce is 
> expired, the helper does the same thing.
> 
> In these two cases there are two possibilities, the account is right or wrong 
> -> Bad password or/and bad login
> 
> - If the return is right Squid returns a new nonce and there is no impact for 
> the user, I mean no banner.
> - If the return is wrong Squid presents the authentication realm to the user 
> and the browser prompts for a username and password.
> 
> There is also another situation - if squid is restarted - the browser 
> returns its HASH without banner (if the account is right of course)
> 
> So, without any change in LDAP the banner never appears, except when the 
> browser starts.
> 
> Fred 
> 
> PS: About Digest you are right it's almost good now, still also a little 
> problem with nonce count but not related with this 
> 

Hi,

Ok, thanks,

Tested with both nonce_count and nonce_max_duration, no problem. Do you know 
if it works with squid 3.5?

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users