From b853db41b4e9af51d0838407f9c6ac8819849840 Mon Sep 17 00:00:00 2001
From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Thu, 30 Jan 2014 23:24:44 +0200
Subject: [PATCH] Fix documentation for key_extras authentication helper
 parameter

---
 src/cf.data.pre | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 47eaf70db8..829c22d2e2 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -334,6 +334,16 @@ DOC_START
 	sent before the required macro information is available to Squid.
 	By default, Squid uses request formats provided in scheme-specific
 	examples below (search for %credentials).
+	The expanded key_extras value is added to the Squid credentials
+	cache and, hence, will affect authentication. It can be used to
+	autenticate different users with identical user names (e.g., when user
+	authentication depends on http_port).
+	Avoid adding frequently changing information to key_extras. For
+	example, if you add user source IP, and it changes frequently
+	in your environment, then max_user_ip ACL is going to treat every
+	user+IP combination as a unique "user", breaking the ACL and
+	wasting a lot of memory on those user records. It will also force
+	users to authenticate from scratch whenever their IP changes.
 
 	=== Parameters for the basic scheme follow. ===
 
-- 
2.47.3