Squid LDAP based authentication popping up for all new IE windows

Hi All,

I am using basic LDAP authentication with squid (squid_auth_ldap) and
I am able to authenticate successfully. The problem is that the
authentication is popping up for every new IE window, though works
without a hitch in FF.

I tried tinkering with credentialsttl and authenticate_ttl but no joy.
Could somebody please point out what I am doing wrong:

My configuration is as follows:
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -v 3
-b "ou=People,dc=xxxxx,dc=xx,dc=xx" -D "cn=root,dc=xxxxx,dc=xx,dc=xx" -
w xxxxxx -h 127.0.0.1
auth_param basic children 5
auth_param basic realm XXXX
auth_param basic credentialsttl 30 minutes

authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 3000

acl Authorized proxy_auth REQUIRED
acl localnet src 192.168.0.0/255.255.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 21 23 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0

http_access allow Authorized
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all

Thanks,
Animesh

On Mar 26, 5:41 pm, abansri...@gmail.com wrote:
> Hi All,
>
> I am using basic LDAP authentication with squid (squid_auth_ldap) and
> I am able to authenticate successfully. The problem is that the
> authentication is popping up for every new IE window, though works
> without a hitch in FF.
>
> I tried tinkering with credentialsttl and authenticate_ttl but no joy.
> Could somebody please point out what I am doing wrong:
>
> My configuration is as follows:
> auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -v 3
> -b "ou=People,dc=xxxxx,dc=xx,dc=xx" -D "cn=root,dc=xxxxx,dc=xx,dc=xx" -
> w xxxxxx -h 127.0.0.1
> auth_param basic children 5
> auth_param basic realm XXXX
> auth_param basic credentialsttl 30 minutes
>
> authenticate_cache_garbage_interval 1 hour
> authenticate_ttl 1 hour
> authenticate_ip_ttl 3000
>
> acl Authorized proxy_auth REQUIRED
> acl localnet src 192.168.0.0/255.255.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 443 210 119 70 21 23 1025-65535
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
>
> http_access allow Authorized
> http_access allow localnet
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT
> http_access deny all
>
> Thanks,
> Animesh

http://netmirror.org/mirror/squid-ww...Q.html#toc23.3

Note the note:

"Note: This has nothing to do with how often the user needs to re-
authenticate himself. It is the browser who maintains the session, and
re-authentication is a business between the user and his browser, not
the browser and Squid. The browser authenticates on behalf of the user
on every request sent to Squid. What this parameter controls is only
how often Squid will ask the defined helper if the password is still
valid."

Therefore, blame it on the browser.