RE: squid user_auth
Right. Here localusers is the acl to require passwords.
What about the following:
>acl all src 0.0.0.0/0.0.0.0
>acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
remove the proxy_auth here. The config file says that a list of usernames
follows proxy_auth, unless using REQUIRED keyword.
>acl localusers proxy_auth REQUIRED
>http_access deny !localnetwork
>http_access allow localusers
insert all after allow so that it reads:
http_access allow all localusers
Ernest Johanson
Systems Administrator
Fuller Theological Seminary
On Wed, 16 Jul 2003, Botha, Francois wrote:
> Date: Wed, 16 Jul 2003 16:20:00 +0200
> From: "Botha, Francois" <francoisb@thawte.com>
> To: "'ejohan@fuller.edu'" <ejohan@fuller.edu>
> Cc: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
> Subject: RE: squid user_auth
>
> Hi,
>
> "password" is not a acl, I tried proxy_auth but still no go ):
>
> Regards,
> FB
>
> > -----Original Message-----
> > From: Ernest Johanson [mailto:ejohan@fuller.edu]
> > Sent: 15 July 2003 19:30
> > To: Botha, Francois
> > Cc: Debian-User
> > Subject: Re: squid user_auth
> >
> >
> > Francois,
> >
> > Try adding the keyword "password" to the end of your
> > http_access allow directives.
> >
> >
> > Ernest Johanson
> > Systems Administrator
> > Fuller Theological Seminary
> >
> >
> > On Tue, 15 Jul 2003, Botha, Francois wrote:
> >
> > > Date: Tue, 15 Jul 2003 14:02:59 +0200
> > > From: "Botha, Francois" <francoisb@thawte.com>
> > > To: Debian-User <debian-user@lists.debian.org>
> > > Subject: squid user_auth
> > >
> > > Hi,
> > >
> > > I'm playing with squid-2.4.6-2 on a 3.0/stable machine and
> > am having
> > > problems with the user authentication bit. My
> > authentication side of
> > > the httpd.conf has:
> > >
> > > -- snip --
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
> > > acl localusers proxy_auth REQUIRED
> > > http_access deny !localnetwork
> > > http_access allow localusers
> > > http_access allow localnetwork
> > > http_access deny all
> > > proxy_auth_realm Squid proxy-caching web server
> > authenticate_program
> > > /usr/lib/squid/ncsa_auth /etc/passwd.squid #authenticate_program
> > > /usr/lib/squid/pam_auth #authenticate_program /tmp/test.sh
> > > -- /snip --
> > >
> > > My squid dialog box pops up asking for username and
> > password, I fill
> > > this in (using ncsa_auth with /etc/passwd.squid with htpasswd -d
> > > generated
> > > passwords) and the box just pops up again, nothing in any
> > logs regarding
> > > this.
> > > When I use ncsa_auth from the commandline with "username
> > password" i get the
> > > OK so all is well there.
> > >
> > > I've tried the same with pam_auth, and it also just pops up
> > again in
> > > the browser as-if my password is wrong, yet again - if I
> > run it from
> > > the commandline, it's happy.
> > >
> > > And yes, I have checked permissions of the /etc/passwd.squid, it is
> > > only readable to the squid user (proxy), I've tried
> > changing this to
> > > a+rw out of desperateness but it's still acting the same way (:
> > >
> > > I've also made a simple shell script in /tmp which prints
> > $@ for me to
> > > another file, squid executes this but passes nothing as a argument,
> > > i've put a 'read' line in the script and passed that towards a file
> > > aswell and also got nothing?!
> > >
> > > -- snip --
> > > #!/bin/bash
> > > #
> > >
> > > while true ; do
> > > echo I was passed $@ > /tmp/test.out
> > > read vars
> > > echo I was also passed $vars >> /tmp/test.out
> > > echo OK
> > > done
> > > -- /snip --
> > >
> > > Output:
> > >
> > > -- snip --
> > > I was passed
> > > -- /snip --
> > >
> > > So, it does not get to filling in the read line bit?!
> > >
> > > I've searched all I could online and the only real problem is with
> > > permissions of the passwd file - which I know is not a
> > problem. Does
> > > anybody have any ideas?
> > >
> > > Thanks,
> > > Francois Botha
> > >
> > > Snr. Systems Engineer
> > > e-mail: francoisb@thawte.com
> > > http://www.thawte.com
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> >
>
Reply to: