Global authentication settings

After changes in this area Squid should be reactivated with the button "Save and Restart" so that the changes can take affect.

The local authentication method = (auth_param basic programm) offers the possibility over an internal Squid function to authenticate users with password and user query for the Internet access via HTTP, HTTPS and authenticate WebFTP. To get into the "Global authentication settings", the "Authentication method" needs to be set to "local" and then the "Save and Reload" button should be clicked, whereupon this area should be opened.

Number of authentication processes: = (auth_param basic children) Specifies the authentication process which can be started. If more authentication processes are needed, so there may be delays during authentication. To correct this behavior, it would help to set the value up (default value are 5).

Authentication cache TTL (in minutes): = (auth_param basic credentialsttl) Specifies the "time-to-live" value of the cached user data in minutes. This value is measured from the last request (default 60 min.) .

Limit of IP addresses per user: = (acl concurrent max_user_ip) Here you can set how many simultaneous logins per user are permitted (default is empty <-> means any number).

User/IP cache TTL (in minutes): = (authenticate_ip_ttl) Determines how long an authentication tied to a source IP. This function can prevent that multiple users are registerd with the same authentication data. This value is combined with authenticate_ip_ttl. Default 0 <-> 0 turns the option off.

Require authentication for unrestricted source addresses: = unrestricted IP adresses are also subject to local authentication. If this option is disabled, an authentication does not apply to unrestricted IPs.

Authentication realm prompt: = (auth_param basic realm) Here, an individual created text can be edited which will be displayed during the authentication process.

Domains without authentication (one per line): (dst_noauth.acl) Defines domains which work also without authentication.

Local user authentication

Gives the ability to adjust the authentication setting.

Minimum password length: = (NCSA_MIN_PASS_LEN) Defines the minimum password length that have to be used (default 6 digits).

Bypass redirection for members of the group 'Extended': = (redirector_access deny) With an active Content-Filter Advanced users would not be diverted from the group to the URL filter limitations.

User management = Opens the section for creating and/or modifying user accounts.

Local user authentication

With the "User management" the username and password can be edit. There can be 3 different groups defined.

Extended = Users of this group are not limited by the "Time restrictions", "Transfer limits" and the "MIME type filter".
Standard = Users of this group are limited by the "Time restrictions", "Transfer limits" and the "MIME type filter".
Disabled = Users from this category are blocked in general.

Change the web access password by the users

By the usage of this address
http://IP-IPFIre:81/cgi-bin/chpasswd.cgi
it is possible for the users without administrative access to the webinterface to change their password for the local authentication.

Back to authentication main page

Back to the proxy main page

Additional links:

http://wiki.squid-cache.org/Features/Authentication

Local Authentication

Local user authentication

Local user authentication

Change the web access password by the users

Additional links: