-
Notifications
You must be signed in to change notification settings - Fork 0
User management
#User management ###Notes
Since htpasswd 2.2.18 passwords are stored as MD5 hashes by default in the username and password database. If you want even more secure hashing use the -B flag for htpasswd when creating users or updating their passwords. This flag will use bcrypt for hashing of the passwords. bcrypt is more secure than MD5 but only supported since htpasswd 2.4. So you will need new package sources with Apache 2.4 which includes version 2.4 of htpasswd because not all supported operating systems are shipped with Apache 2.4 by default.
###Creating "passwd" file and the first user
By default SPI creates the username & password file and the first user during installation and asks you for the desired username and password. So this step is usually not necessary as it is done for you by SPI. However if you want to start over with a new and clean username and password database you need this step.
Below are the necessary commands to create a new username & password file and the first user corresponding to supported operating systems.
On CentOS 5, 6, 7 and Fedora please run the following command as root (or with sudo): htpasswd -c /etc/squid/passwd
On Debian 6, 7, 8 and Ubuntu please run the following command as root (or with sudo): htpasswd -c /etc/squid3/passwd
Replace with the desired username of the first user. You will be asked to enter the password for the new user and enter it a second time to confirm it. A restart of the Squid proxy service is not necessary. New users are instantly recognized and can login straight away.
This will override all users and passwords that were created before! Do not use this if you only want to remove certain users. If you wish to delete certain users continue to "Delete authorized proxy users".
###Add new authorized proxy users
Squid with username & password authentication through htpasswd and NCSA supports multiple proxy users and simultaneous login from various locations/connections.
Below are the necessary commands to add more authorized proxy users corresponding to supported operating systems.
To add new authorized proxy users on CentOS 5, 6, 7 and Fedora please run the following command as root (or with sudo): htpasswd /etc/squid/passwd
To add new authorized proxy users on Debian 6, 7, 8 and Ubuntu please run the following command as root (or with sudo): htpasswd /etc/squid3/passwd
Replace with the desired username of the new authorized user. You will be asked to enter the password for the new user and enter it a second time to confirm it. A restart of the Squid proxy service is not necessary. New users are instantly recognized and can login straight away.
Change passwords of existing users
htpasswd allows not only creation of flat file username and password databases but also their update. Therefore also passwords of existing authorized proxy users can be changed/recovered by the Squid proxy administrator.
To change the password for an existing authorized proxy user simply run the commands from "Add new authorized proxy users". You will be asked to enter a new password for the username you've set in the command and to confirm it by entering the password a second time. After that the password for the selected user has been updated.
As always a restart of the Squid proxy service is not necessary. Changes are going live straight away. However current active sessions will be using the old password until they expire (usually 2 hours unless it was changed by you).
###Delete authorized proxy users
If you no longer wish certain authorized users to access your proxy you can remove them from the username and password database and they won't be able to login and use your proxy ever again (unless you readd them).
Below are the commands to delete authorized proxy users from the username and password database corresponding to the supported operating systems.
To delete authorized proxy users on CentOS 5, 6, 7 and Fedora please run the following command as root (or with sudo): htpasswd -D /etc/squid/passwd
To delete authorized proxy users on Debian 6, 7, 8 and Ubuntu please run the following command as root (or with sudo): htpasswd -D /etc/squid3/passwd
Replace with the username of the authorized proxy user you want to remove. A restart of the Squid proxy service is not necessary. Once the current active session (if the user is logged in during the removal) has expired (usually after 2 hours unless it was changed by you) the user will no longer be able to use the username and password to login into the proxy.