Re: [squid-users] Time restrictions

From: Michael Fuller <fullerms@dont-contact.us>
Date: Sat, 14 Dec 2002 10:12:01 +0530

Hi,

> See http://www.squid-cache.org/related-software.html

Thanks for lead. I looked up the link, and it seems to be worth a try.
However, the author has officially declared that Squid RADIUS authenticator
V1.04 is no longer supported :-( See below :

" The support was already for a long time not really worth mentioning.
Hereby I make it official: Squid-rad-auth is not supported anymore. Feel
free to use it but you might want to consider PAM if your platform supports
it."

> The main issue is to somehom know when the user should be kicked out.
> I.e. where and how to keep track of time.

I guess that this can be done if Squid can send accounting packets to
RADIUS. freeRadius uses the "counter" module to do this. See attached
message from the freeRadius forum. As you had mentioned, if the ttl is set
to a low value, and squid sends accounting packets to radius, it can be
done.

Regards,
Michael Fuller.

----- Original Message -----
From: "Henrik Nordstrom" <hno@marasystems.com>
To: "Michael Fuller" <fullerms@sr.railnet.gov.in>
Cc: <squid-users@squid-cache.org>
Sent: Saturday, December 14, 2002 2:35 AM
Subject: Re: [squid-users] Time restrictions

> On Friday 13 December 2002 12.32, Michael Fuller wrote:
> > Hello,
> >
> > > Possibly. There is both a native radius helper to Squid
> > > available, and you should also be able to use PAM for that
> > > purpose.
> >
> > I have the squid 2.5 stable 1 source tree, but I don't see anything
> > connected with RADIUS there.
>
> It is because the radius helper has not been included in the Squid
> distribution.
>
> See http://www.squid-cache.org/related-software.html
>
> > > Unknown. There is no session equivalence in HTTP. The proxy just
> > > verifies that the password is valid every auth param ttl.
> >
> > Yes, I think this will not work for two reasons. One, squid is not
> > going to send accounting packets to RADIUS. Second, squid cannot
> > forcibly disconnect a user as you had mentioned.
>
> Disconnect the user from using Squid it can. The granulatiry is the
> ttl set in squid.conf, both when using authenitcation or
> authorisation as method of denying the user.
>
> The main issue is to somehom know when the user should be kicked out.
> I.e. where and how to keep track of time.
>
> Regards
> Henrik
>

attached mail follows:


Received on Fri Dec 13 2002 - 21:42:23 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:05 MST