Explicit Proxy Authentication¶
This type of proxy authentication is called explicit because the browsers are explicitly set to use the proxy and thus are able to supply credentials when proxy requires it. Upon first connection proxy will request user credentials from the browser (using such single-sign-on schemes as Kerberos or NTLM or asking user to type valid login/password into popup box) as described in https://wiki.squid-cache.org/Features/Authentication.
The following three types of explicit authentication is available in Admin UI.
Active Directory Authentication
Active Directory authentication allows Squid to limit access to proxy based on user names and security groups stored in Microsoft AD. It is possible to authenticate to AD using Kerberos, NTLM and/or Basic LDAP authentication schemes. Active Directory authentication is described in the article Integration with Microsoft Active Directory.
Local User Authentication
Local user authentication allows administrator to create a predefined list of users and passwords for this proxy. When a user tries to connect, a popup is presented with request to enter user credentials. Squid verifies the validity of provided credentials and allows or denies web access. This method of authentication is common in small networks with limited number of users.
Radius authentication allows administrator to authenticate proxy users with help of external Radius server. When a user tries to connect, a popup is presented requiring him to enter his credentials. Squid sends provided credentials to configured Radius server and allows or denies web access based on the Radius response.