Squid_ The Definitive Guide - Duane Wessels [188]
Since the auth_param directive is very complex, I'm presenting it here as a separate directive for each combination of parameters.
Syntax
See the following subsections
Default
See the following subsections
Example
See the following subsections
Related
authenticate_cache_garbage_interval, authenticate_ttl, authenticate_ip_ttl
auth_param basic program
The command for the HTTP Basic authentication helper. You need to specify the full pathname to the program, plus any command-line options.
Syntax
auth_param basic program command ...
Default
No default
Example
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/
ncsa_passwd
Related
auth_param basic children, auth_param basic realm, auth_param basic credentialsttl
auth_param basic children
This is the number of Basic authentication helper processes Squid uses.
Syntax
auth_param basic children count
Default
auth_param basic children 5
Example
auth_param basic children 10
Related
auth_param basic program, auth_param basic realm, auth_param basic credentialsttl
auth_param basic realm
This is the Basic authentication realm Squid sends in 407 (Proxy Authentication Required) responses. User agents typically display the realm string to the user when requesting a username and password. Refer to RFC 2617, Section 2.
Syntax
auth_param basic realm string
Default
No default
Example
auth_param basic realm Squid proxy-caching web server
Related
auth_param basic program, auth_param basic children, auth_param basic credentialsttl
auth_param basic credentialsttl
To reduce load on the external authentication processes, Squid caches successful answers for this amount of time. In other words, once a user is authenticated, Squid doesn't query the helper program again until this TTL expires. If you change the external database (e.g., password file), Squid may not notice the change until the cached credentials time out.
Syntax
auth_param basic credentialsttl time-specification
Default
auth_param basic credentialsttl 5 minutes
Example
auth_param basic credentialsttl 15 minutes
Related
auth_param basic program, auth_param basic children, auth_param basic realm
auth_param digest program
As with Basic authentication, this specifies the command to execute for the external Digest authentication program.
Syntax
auth_param digest program command ...
Default
No default
Example
auth_param digest program /usr/local/squid/libexec/digest_auth /usr/local/squid/etc/
digest_passwd
Related
auth_param digest children, auth_param digest realm, auth_param digest nonce_garbage_interval, auth_param digest nonce_max_duration, auth_param digest nonce_max_count
auth_param digest children
This is the number of Digest authentication helper processes that Squid uses.
Syntax
auth_param digest children count
Default
auth_param digest children 5
Example
auth_param digest children 11
Related
auth_param digest program, auth_param digest realm, auth_param digest nonce_garbage_interval, auth_param digest nonce_max_duration, auth_param digest nonce_max_count
auth_param digest realm
This is the Digest authentication realm that Squid sends in 407 (Proxy Authentication Required) responses. User agents typically display the realm string to the user when requesting a username and password. Refer to RFC 2617, Section 3.2.1.
Syntax
auth_param digest realm string
Default
No default
Example
auth_param digest realm Squid proxy-caching web server
Related
auth_param digest program, auth_param digest children, auth_param digest nonce_garbage_interval, auth_param digest nonce_max_duration, auth_param digest nonce_max_count
auth_param digest nonce_garbage_interval
As I explained in Section 12.3, a nonce is a special string of data that changes from time to time. Its purpose is to prevent replay attacks with captured digest authentication data.
Squid maintains a cache of nonce values it has sent to clients requiring authentication. This cache must be pruned occasionally