From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Thu, 30 Jan 2014 21:24:44 +0000 (+0200)
Subject: Fix documentation for key_extras authentication helper parameter
X-Git-Tag: SQUID_3_5_0_1~393
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b853db41b4e9af51d0838407f9c6ac8819849840;p=thirdparty%2Fsquid.git

Fix documentation for key_extras authentication helper parameter
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 47eaf70db8..829c22d2e2 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -334,6 +334,16 @@ DOC_START
 	sent before the required macro information is available to Squid.
 	By default, Squid uses request formats provided in scheme-specific
 	examples below (search for %credentials).
+	The expanded key_extras value is added to the Squid credentials
+	cache and, hence, will affect authentication. It can be used to
+	autenticate different users with identical user names (e.g., when user
+	authentication depends on http_port).
+	Avoid adding frequently changing information to key_extras. For
+	example, if you add user source IP, and it changes frequently
+	in your environment, then max_user_ip ACL is going to treat every
+	user+IP combination as a unique "user", breaking the ACL and
+	wasting a lot of memory on those user records. It will also force
+	users to authenticate from scratch whenever their IP changes.
 
 	=== Parameters for the basic scheme follow. ===