Note: Web proxy must be running in non-transparent (i.e., conventional) mode for authentication.
Authentication Method - Local
Local
The Local authentication method (auth_param basic programm) offers the possibility over an internal Squid function to authenticate users with password and user query for the Internet access via HTTP, HTTPS and authenticate WebFTP. To get into the "Global authentication settings", the "Authentication method" needs to be set to "local" and then the "Save and Reload" button should be clicked, whereupon this area should be opened.
Global authentication settings
Number of authentication processes
(auth_param basic children)
Specifies the authentication process which can be started. If more authentication processes are needed, so there may be delays during authentication. To correct this behavior, it would help to set the value up (default value are 5).
Authentication cache TTL (in minutes)
(auth_param basic credentialsttl)
Specifies the "time-to-live" value of the cached user data in minutes. This value is measured from the last request (default 60 min.) .
Limit of IP addresses per user
(acl concurrent max_user_ip)
Here you can set how many simultaneous logins per user are permitted (default is empty <-> means any number).
Require authentication for unrestricted source addresses
Unrestricted IP addresses are also subject to local authentication. If this option is disabled, an authentication does not apply to unrestricted IPs.
Authentication realm prompt
(auth_param basic realm)
Here, an individual created text can be edited which will be displayed during the authentication process.
Domains without authentication (one per line)
(dst_noauth.acl)
Defines domains which work also without authentication.
Local user authentication
Gives the ability to adjust the authentication setting.
Within User management the Username and Password can be edited. There are three different groups defined.
Extended
Users of this group are not limited by the Time restrictions, Transfer limits and the MIME type filter.
Standard
Users of this group are limited by the Time restrictions, Transfer limits and the MIME type filter.
Disabled
Users from this category are blocked in general.
Change the web access password by the users
By the usage of this address:
https://ipfire:444/cgi-bin/chpasswd.cgi
It is possible for the users without administrative access to the webinterface to change their password for the local authentication.