On Mon, 15 Dec 2003, Esteban wrote:
> But if I remove access to the user in my radius server, auth.pl returns
> ERR but the access is still granted by the Squid.
More likely a previous OK is remembered by Squid for a while. See the
auth_param basic ttl parameter.
Due to the stateless nature of HTTP authentication where there is no
login/logout but instead the login information is sent in each and every
request Squid does not always asks the authentication helper if the
login is still valid, instead it remembers if a previous login with the
same login+password was OK and accepts new requests with the same
login+password if it was not too long ago this login+password was
verified with the authentication backend.
Regards
Henrik
Received on Mon Dec 15 2003 - 14:43:25 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:13 MST