Amos, Thank you for the update in regards to the credentials. I looked into it a bit more to and it helped clear my misunderstanding. The credentialstls configuration directive only controls how often these credentials are internally verified by Squid. It means that if the browser is closed and then opened and the browser pops up credential dialog, then it has nothing to do with Squid. It means that the browser does not know what credentials it should pass to the proxy and therefore asks to enter them. The credentialsttl configuration directive means, how often the password should be "verified" after the last successful verification. I reviewed my authentication config and changed it. Is this correct? We have a this setup via realmD, sssd, using Kerberos authentication. auth_param basic program /usr/lib64/squid/basic_pam_auth auth_param basic children 10 auth_param basic keep_alive on auth_param basic credentialsttl 2 hours auth_param basic realm <redacted> -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Tuesday, October 22, 2024 6:05 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Unable to access a device over port 4434 Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 19/10/24 08:52, Piana, Josh wrote: > > On a separate note, what would cause me to need to authenticate everytime I open a new browser? My credentials are supposed to last a week. > HTTP requires every request to be authenticated. I assume you mean a popup appears? that would be a Browser decision. To save across Browser being restarted your credentials need to be added to their "Password Manager". > Here's my authentication config: > > ##### > auth_param basic program /usr/lib64/squid/basic_pam_auth auth_param > negotiate children 10 auth_param negotiate keep_alive on auth_param > basic credentialsttl 1 week> acl kerb-auth proxy_auth REQUIRED ##### FYI: Configuring "auth_param negotiate" without an "auth_param negotiate program ..." line does nothing. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
