Quote:
Originally Posted by repo
Did you restart squid ?
|
No - would be pointless to restart squid every time you added a user or deleted one as that would affect all the existing users:
According to the squid user group it seems this affects the user cache auth schemes and I probably need to uncomment it in the conf and then restart.
Quote:
# "credentialsttl" timetolive
# Specifies how long squid assumes an externally validated
# usernameassword pair is valid for - in other words how often the
# helper program is called for that user. Set this low to force
# revalidation with short lived passwords. Note that setting this high
# does not impact your susceptibility to replay attacks unless you are
# using an one-time password system (such as SecureID). If you are using
# such a system, you will be vulnerable to replay attacks unless you
# also use the max_user_ip ACL in an http_access rule.
# auth_param basic credentialsttl 2 hours
|
However, I am not sure whether that means the user is asked for the user password every 2 hours or whether it is only since the last request.