Squid: The Definitive Guide - Duane Wessels
If Squid is very busy, you may want to clean the nonce cache more frequently to reduce the amount of time spent in the garbage collection function each time it runs.
Syntax
auth_param digest nonce_garbage_interval time-specification
Default
auth_param digest nonce_garbage_interval 5 minutes
Example
auth_param digest nonce_garbage_interval 5 minutes
Related
auth_param digest program, auth_param digest children, auth_param digest realm, auth_param digest nonce_max_duration, auth_param digest nonce_max_count
auth_param digest nonce_max_duration
This directive specifies how long a Digest nonce value remains valid. It is similar to the credentialsttl directive for Basic authentication.
If an attacker captures the client's digest authentication headers from an HTTP request, a simple replay attack provides authenticated access to Squid until the nonce value times out or until the maximum usage count is reached. Decrease this value to reduce that risk.
Syntax
auth_param digest nonce_max_duration time-specification
Default
auth_param digest nonce_max_duration 5 minutes
Example
auth_param digest nonce_max_duration 30 minutes
Related
auth_param digest program, auth_param digest children, auth_param digest realm, auth_param digest nonce_garbage_interval, auth_param digest nonce_max_count, auth_param basic credentialsttl
auth_param digest nonce_max_count
This directive specifies a limit on the number of requests for a Digest nonce value. If a client issues this many requests with the same nonce value, Squid invalidates it and causes a new one to be generated. See Section 4.3 of RFC 2617.
Syntax
auth_param digest nonce_max_count count
Default
auth_param digest nonce_max_count 50
Example
auth_param digest nonce_max_count 50
Related
auth_param digest program, auth_param digest children, auth_param digest realm, auth_param digest nonce_garbage_interval, auth_param digest nonce_max_duration
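A simplified model of how nonce_max_duration and nonce_max_count together bound the replay window described above. This is an added example, not Squid's code and not from the book; the NonceCache class and replay_window function are hypothetical names, and the model assumes each replayed header counts as one use of the nonce.

```python
# Simplified model of the two nonce limits; not Squid's source code.
from dataclasses import dataclass, field
import secrets


@dataclass
class NonceCache:
    max_duration: float = 300.0   # nonce_max_duration in seconds (default 5 minutes)
    max_count: int = 50           # nonce_max_count (default 50)
    _nonces: dict = field(default_factory=dict)  # nonce -> [issued_at, uses]

    def issue(self, now: float) -> str:
        nonce = secrets.token_hex(16)
        self._nonces[nonce] = [now, 0]
        return nonce

    def accept(self, nonce: str, now: float) -> bool:
        """Return True if a request carrying this nonce is still honoured."""
        entry = self._nonces.get(nonce)
        if entry is None:
            return False                  # unknown or already invalidated
        issued_at, uses = entry
        if now - issued_at > self.max_duration or uses >= self.max_count:
            del self._nonces[nonce]       # stale: a new nonce must be generated
            return False
        entry[1] = uses + 1
        return True


def replay_window(cache: NonceCache, legit_uses: int,
                  replay_start: float, replay_interval: float) -> int:
    """Count how many replays of one captured header the cache accepts."""
    nonce = cache.issue(now=0.0)
    for _ in range(legit_uses):           # the client's own requests at t=0
        cache.accept(nonce, now=0.0)
    accepted, t = 0, replay_start
    while cache.accept(nonce, now=t):     # ends at whichever limit is hit first
        accepted += 1
        t += replay_interval
    return accepted


if __name__ == "__main__":
    # Constructed scenario: 10 legitimate requests, replays start at t=60s.
    print("defaults:", replay_window(NonceCache(), 10, 60.0, 1.0))
    print("30s duration:", replay_window(NonceCache(max_duration=30.0), 10, 25.0, 1.0))
```

With the defaults the count limit ends the window; with a short duration the timeout ends it first.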
auth_param ntlm program
This directive specifies the command, including options, to execute for the external NTLM authentication program.
Syntax
auth_param ntlm program command
Default
No default
Example
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth /usr/local/squid/etc/ntlm_db
Related
auth_param ntlm children, auth_param ntlm max_challenge_reuses, auth_param ntlm max_challenge_lifetime
auth_param ntlm children
Specifies the number of NTLM authentication helper processes that Squid uses.
Syntax
auth_param ntlm children count
Default
auth_param ntlm children 5
Example
auth_param ntlm children 14
Related
auth_param ntlm program, auth_param ntlm max_challenge_reuses, auth_param ntlm max_challenge_lifetime
auth_param ntlm max_challenge_reuses
In Squid's NTLM implementation, the NTLM challenge token comes from the external helper process, rather than Squid itself. Each helper process generates its own challenge token. This directive specifies how many times each token may be reused. By default, the tokens are never reused. Challenge reuse is also subject to the max_challenge_lifetime restriction.
Syntax
auth_param ntlm max_challenge_reuses count
Default
auth_param ntlm max_challenge_reuses 0
Example
auth_param ntlm max_challenge_reuses 5
Related
auth_param ntlm program, auth_param ntlm children, auth_param ntlm max_challenge_lifetime
auth_param ntlm max_challenge_lifetime
This directive also controls whether the external NTLM helper processes can reuse their challenge tokens. It specifies the maximum amount of time a single challenge can be used.
Syntax
auth_param ntlm max_challenge_lifetime time-specification
Default
auth_param ntlm max_challenge_lifetime 1 minute
Example
auth_param ntlm max_challenge_lifetime 2 minutes
Related
auth_param ntlm program, auth_param ntlm children, auth_param ntlm max_challenge_reuses
Name
authenticate_ttl
Synopsis
Squid maintains a cache