Generated Configuration Files

After you specify domain information, enable Kerberos, NTLM and basic LDAP authenticators you must click Save and Restart from Web UI. Web UI will then generate the number of files in the /opt/websafety/etc/squid folder.

Here is a short description of what most important these generated files means.

/opt/websafety/etc/krb5.conf

Configuration file for the Kerberos subsystem on the proxy. It contains settings what realm to connect to and cyphers to be used for encrypted Kerberos tickets. This file is read by the /opt/websafety/bin/wskrb5 authentication wrapper that adjusts Kerberos environment for default /usr/lib/squid/negotiate_wrapper_auth Squid authenticator.

/opt/websafety/etc/krb5.keytab

Contains Service Principal Name (SPN) and corresponding encrypted Kerberos tickets. It is directly used to verify identify of connecting browsers.

/opt/websafety/etc/squid/access_controls.conf

Contains predefined ACLs of localname, safe ports and methods in Squid. It is automatically included into topmost /opt/websafety/etc/squid/squid.conf file as indicated on the next step.

/opt/websafety/etc/squid/authentication.conf

Contains authenticating helper definitions for Kerberos, NTLM and Basic LDAP. This file gets generated based on authenticator settings adjusted in Web UI. It is automatically included into topmost /opt/websafety/etc/squid/squid.conf file as indicated on the next step.

/opt/websafety/etc/squid/authentication/exclude.conf

Contains exclusions from authentication by remote web site name, user name or IP address, user agent and other ACLs that are specified in UI / Squid / Exclusions. It is automatically included into topmost /opt/websafety/etc/squid/squid.conf file as indicated on the next step.