[squid-users] Unable to access a device over port 4434
Piana, Josh
Josh.Piana at hexcel.com
Tue Oct 22 12:34:34 UTC 2024
Amos,
Thank you for the update in regards to the credentials.
I looked into it a bit more to and it helped clear my misunderstanding.
The credentialstls configuration directive only controls how often these credentials are internally verified by Squid. It means that if the browser is closed and then opened and the browser pops up credential dialog, then it has nothing to do with Squid. It means that the browser does not know what credentials it should pass to the proxy and therefore asks to enter them. The credentialsttl configuration directive means, how often the password should be "verified" after the last successful verification.
I reviewed my authentication config and changed it.
Is this correct? We have a this setup via realmD, sssd, using Kerberos authentication.
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 10
auth_param basic keep_alive on
auth_param basic credentialsttl 2 hours
auth_param basic realm <redacted>
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, October 22, 2024 6:05 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Unable to access a device over port 4434
Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On 19/10/24 08:52, Piana, Josh wrote:
>
> On a separate note, what would cause me to need to authenticate everytime I open a new browser? My credentials are supposed to last a week.
>
HTTP requires every request to be authenticated.
I assume you mean a popup appears? that would be a Browser decision.
To save across Browser being restarted your credentials need to be added to their "Password Manager".
> Here's my authentication config:
>
> #####
> auth_param basic program /usr/lib64/squid/basic_pam_auth auth_param
> negotiate children 10 auth_param negotiate keep_alive on auth_param
> basic credentialsttl 1 week> acl kerb-auth proxy_auth REQUIRED #####
FYI: Configuring "auth_param negotiate" without an "auth_param negotiate program ..." line does nothing.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list