On 23/10/24 01:34, Piana, Josh wrote:
Amos,
Thank you for the update in regards to the credentials.
I looked into it a bit more to and it helped clear my misunderstanding.
The credentialstls configuration directive only controls how often these credentials are
internally verified by Squid. It means that if the browser is closed and then opened and
the browser pops up credential dialog, then it has nothing to do with Squid. It means
that the browser does not know what credentials it should pass to the proxy and therefore
asks to enter them. The credentialsttl configuration directive means, how often the
password should be "verified" after the last successful verification.
Correct.
I reviewed my authentication config and changed it.
Is this correct? We have a this setup via realmD, sssd, using Kerberos
authentication.
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 10
auth_param basic keep_alive on
Per the docs "For Basic and Digest this parameter is ignored."
auth_param basic credentialsttl 2 hours
auth_param basic realm <redacted>
If that works for your needs it is good.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
