Re: [squid-users] Time restrictions

From: Michael Fuller <fullerms@dont-contact.us>
Date: Fri, 13 Dec 2002 17:02:54 +0530

Hello,

> Possibly. There is both a native radius helper to Squid available, and you
> should also be able to use PAM for that purpose.

I have the squid 2.5 stable 1 source tree, but I don't see anything
connected with RADIUS there.

> Unknown. There is no session equivalence in HTTP. The proxy just verifies
> that the password is valid every auth param ttl.

Yes, I think this will not work for two reasons. One, squid is not going to
send accounting packets to RADIUS. Second, squid cannot forcibly disconnect
a user as you had mentioned.

Regards,
Michael Fuller

----- Original Message -----
From: "Henrik Nordstrom" <hno@marasystems.com>
To: "Michael Fuller / Hotmail" <fullerms@hotmail.com>
Cc: <squid-users@squid-cache.org>
Sent: Friday, December 13, 2002 11:31 AM
Subject: Re: [squid-users] Time restrictions

> On Fri, 13 Dec 2002, Michael Fuller / Hotmail wrote:
>
> > Is radius authenitcation possible at least?
>
> Possibly. There is both a native radius helper to Squid available, and you
> should also be able to use PAM for that purpose.
>
> > If that is possible I can use the maxdailysession attribute of radius to
> > implement these features.
>
> Unknown. There is no session equivalence in HTTP. The proxy just verifies
> that the password is valid every auth param ttl.
>
> Assuming that radius in maxdailysession keeps track of the user session
> somehow based on login/logout requests I would say it is quite likely not
> possible as there is no running session while the user is using the proxy,
> only very quick verifications of his password from time to time.
>
> If it is the devices responsibility to enforce the maxdailysession then
> no.
>
> Regards
> Henrik
>
>
Received on Fri Dec 13 2002 - 04:33:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:04 MST