Clowser, Jeff wrote:
- Consider this example - the place I run into this most often is our
Internet proxies, which are password protected. There are many apps a user uses that connects through the proxy (which in turn auths against ldap) to get some kind of content or update. Some of these (broken) apps provide users an option to save the password, and when they do (not that I recommend this behavior, but I can't stop them), it tries repeatedly to get updates/content using the old password after a user changes their password.
I don't understand the problem: If the proxy is correctly implemented it will only send exactly *one* authentication request to a user database even if there are several parallel outstanding HTTP requests to be served by the proxy. If your proxy does not serialize authentication requests and then cache authentication state then fix your proxy.
Ciao, Michael.