squid user_auth
Hi,
I'm playing with squid-2.4.6-2 on a 3.0/stable machine and am having
problems with the user authentication bit.
My authentication side of the httpd.conf has:
-- snip --
acl all src 0.0.0.0/0.0.0.0
acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
acl localusers proxy_auth REQUIRED
http_access deny !localnetwork
http_access allow localusers
http_access allow localnetwork
http_access deny all
proxy_auth_realm Squid proxy-caching web server
authenticate_program /usr/lib/squid/ncsa_auth /etc/passwd.squid
#authenticate_program /usr/lib/squid/pam_auth
#authenticate_program /tmp/test.sh
-- /snip --
My squid dialog box pops up asking for username and password, I fill this in
(using ncsa_auth with /etc/passwd.squid with htpasswd -d generated
passwords) and the box just pops up again, nothing in any logs regarding
this.
When I use ncsa_auth from the commandline with "username password" i get the
OK so all is well there.
I've tried the same with pam_auth, and it also just pops up again in the
browser as-if my password is wrong, yet again - if I run it from the
commandline, it's happy.
And yes, I have checked permissions of the /etc/passwd.squid, it is only
readable to the squid user (proxy), I've tried changing this to a+rw out of
desperateness but it's still acting the same way (:
I've also made a simple shell script in /tmp which prints $@ for me to
another file, squid executes this but passes nothing as a argument, i've put
a 'read' line in the script and passed that towards a file aswell and also
got nothing?!
-- snip --
#!/bin/bash
#
while true ; do
echo I was passed $@ > /tmp/test.out
read vars
echo I was also passed $vars >> /tmp/test.out
echo OK
done
-- /snip --
Output:
-- snip --
I was passed
-- /snip --
So, it does not get to filling in the read line bit?!
I've searched all I could online and the only real problem is with
permissions of the passwd file - which I know is not a problem. Does anybody
have any ideas?
Thanks,
Francois Botha
Snr. Systems Engineer
e-mail: francoisb@thawte.com
http://www.thawte.com
Reply to: