Parameters for the basic scheme follow

=== Parameters for the basic scheme follow. ===
#
#    "program" cmdline
#    Specify the command for the external authenticator.  Such a program
#    reads a line containing "username password" and replies "OK" or
#    "ERR" in an endless loop. "ERR" responses may optionally be followed
#    by a error description available as %m in the returned error page.
#
#    By default, the basic authentication scheme is not used unless a
#    program is specified.
#
#    If you want to use the traditional proxy authentication, jump over to
#    the helpers/basic_auth/NCSA directory and type:
#        % make
#        % make install
#
#    Then, set this line to something like
#
#    auth_param basic program /usr/libexec/ncsa_auth /usr/etc/passwd
#
#    "children" numberofchildren
#    The number of authenticator processes to spawn. If you start too few
#    squid will have to wait for them to process a backlog of credential
#    verifications, slowing it down. When credential verifications are
#    done via a (slow) network you are likely to need lots of
#    authenticator processes.
#    auth_param basic children 5
#
#    "concurrency" numberofconcurrentrequests
#    The number of concurrent requests/channels the helper supports.
#    Changes the protocol used to include a channel number first on
#    the request/response line, allowing multiple requests to be sent
#    to the same helper in parallell without wating for the response.
#    Must not be set unless it's known the helper supports this.
#
#    "realm" realmstring
#    Specifies the realm name which is to be reported to the client for
#    the basic proxy authentication scheme (part of the text the user
#    will see when prompted their username and password).
#    auth_param basic realm Squid proxy-caching web server
#
#    "credentialsttl" timetolive
#    Specifies how long squid assumes an externally validated
#    username:password pair is valid for - in other words how often the
#    helper program is called for that user. Set this low to force
#    revalidation with short lived passwords.  Note that setting this high
#    does not impact your susceptibility to replay attacks unless you are
#    using an one-time password system (such as SecureID). If you are using
#    such a system, you will be vulnerable to replay attacks unless you
#    also use the max_user_ip ACL in an http_access rule.
#    auth_param basic credentialsttl 2 hours
#
#    "casesensitive" on|off
#    Specifies if usernames are case sensitive. Most user databases are
#    case insensitive allowing the same username to be spelled using both
#    lower and upper case letters, but some are case sensitive. This
#    makes a big difference for user_max_ip ACL processing and similar.
#    auth_param basic casesensitive off

READ MORE » Parameters for the basic scheme follow

Parameters for the basic scheme follow

=== Parameters for the basic scheme follow. ===
#
#    "program" cmdline
#    Specify the command for the external authenticator.  Such a program
#    reads a line containing "username password" and replies "OK" or
#    "ERR" in an endless loop. "ERR" responses may optionally be followed
#    by a error description available as %m in the returned error page.
#
#    By default, the basic authentication scheme is not used unless a
#    program is specified.
#
#    If you want to use the traditional proxy authentication, jump over to
#    the helpers/basic_auth/NCSA directory and type:
#        % make
#        % make install
#
#    Then, set this line to something like
#
#    auth_param basic program /usr/libexec/ncsa_auth /usr/etc/passwd
#
#    "children" numberofchildren
#    The number of authenticator processes to spawn. If you start too few
#    squid will have to wait for them to process a backlog of credential
#    verifications, slowing it down. When credential verifications are
#    done via a (slow) network you are likely to need lots of
#    authenticator processes.
#    auth_param basic children 5
#
#    "concurrency" numberofconcurrentrequests
#    The number of concurrent requests/channels the helper supports.
#    Changes the protocol used to include a channel number first on
#    the request/response line, allowing multiple requests to be sent
#    to the same helper in parallell without wating for the response.
#    Must not be set unless it's known the helper supports this.
#
#    "realm" realmstring
#    Specifies the realm name which is to be reported to the client for
#    the basic proxy authentication scheme (part of the text the user
#    will see when prompted their username and password).
#    auth_param basic realm Squid proxy-caching web server
#
#    "credentialsttl" timetolive
#    Specifies how long squid assumes an externally validated
#    username:password pair is valid for - in other words how often the
#    helper program is called for that user. Set this low to force
#    revalidation with short lived passwords.  Note that setting this high
#    does not impact your susceptibility to replay attacks unless you are
#    using an one-time password system (such as SecureID). If you are using
#    such a system, you will be vulnerable to replay attacks unless you
#    also use the max_user_ip ACL in an http_access rule.
#    auth_param basic credentialsttl 2 hours
#
#    "casesensitive" on|off
#    Specifies if usernames are case sensitive. Most user databases are
#    case insensitive allowing the same username to be spelled using both
#    lower and upper case letters, but some are case sensitive. This
#    makes a big difference for user_max_ip ACL processing and similar.
#    auth_param basic casesensitive off

READ MORE » Parameters for the basic scheme follow

WELCOME TO SQUID 2.6.STABLE21

#    WELCOME TO SQUID 2.6.STABLE21
#    ----------------------------
#
#    This is the default Squid configuration file. You may wish
#    to look at the Squid home page (http://www.squid-cache.org/)
#    for the FAQ and other documentation.
#
#    The default Squid config file shows what the defaults for
#    various options happen to be.  If you don't need to change the
#    default, you shouldn't uncomment the line.  Doing so may cause
#    run-time problems.  In some cases "none" refers to no default
#    setting at all, while in other cases it refers to a valid
#    option - the comments for that keyword indicate if this is the
#    case.
#


# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------

#  TAG: auth_param
#    This is used to define parameters for the various authentication
#    schemes supported by Squid.
#
#    format: auth_param scheme parameter [setting]
#
#    The order in which authentication schemes are presented to the client is
#    dependent on the order the scheme first appears in config file. IE
#    has a bug (it's not RFC 2617 compliant) in that it will use the basic
#    scheme if basic is the first entry presented, even if more secure
#    schemes are presented. For now use the order in the recommended
#    settings section below. If other browsers have difficulties (don't
#    recognize the schemes offered even if you are using basic) either
#    put basic first, or disable the other schemes (by commenting out their
#    program entry).
#
#    Once an authentication scheme is fully configured, it can only be
#    shutdown by shutting squid down and restarting. Changes can be made on
#    the fly and activated with a reconfigure. I.E. You can change to a
#    different helper, but not unconfigure the helper completely.
#
#    Please note that while this directive defines how Squid processes
#    authentication it does not automatically activate authentication.
#    To use authentication you must in addition make use of ACLs based
#    on login name in http_access (proxy_auth, proxy_auth_regex or
#    external with %LOGIN used in the format tag). The browser will be
#    challenged for authentication on the first such acl encountered
#    in http_access processing and will also be re-challenged for new
#    login credentials if the request is being denied by a proxy_auth
#    type acl.
#
#    WARNING: authentication can't be used in a transparently intercepting
#    proxy as the client then thinks it is talking to an origin server and
#    not the proxy. This is a limitation of bending the TCP/IP protocol to
#    transparently intercepting port 80, not a limitation in Squid.
#
#    === Parameters for the basic scheme follow. ===

READ MORE » WELCOME TO SQUID 2.6.STABLE21