RE: squid user_auth

To: "Botha, Francois" <francoisb@thawte.com>
Cc: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
Subject: RE: squid user_auth
From: Ernest Johanson <ejohan@fuller.edu>
Date: Wed, 16 Jul 2003 11:27:19 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.21.0307161111500.10995-100000@esther.fuller.edu>
In-reply-to: <[🔎] AC7E8D43F95DD041A175D19F74AAB2944B7C0B@zacapex01.cpt.thawte.com>

Right. Here localusers is the acl to require passwords.

What about the following:

>acl all src 0.0.0.0/0.0.0.0
>acl localnetwork proxy_auth 192.168.0.0/255.255.255.0

remove the proxy_auth here. The config file says that a list of usernames
follows proxy_auth, unless using REQUIRED keyword.

>acl localusers proxy_auth REQUIRED
>http_access deny !localnetwork
>http_access allow localusers

insert all after allow so that it reads:

http_access allow all localusers




Ernest Johanson
Systems Administrator
Fuller Theological Seminary


On Wed, 16 Jul 2003, Botha, Francois wrote:

> Date: Wed, 16 Jul 2003 16:20:00 +0200
> From: "Botha, Francois" <francoisb@thawte.com>
> To: "'ejohan@fuller.edu'" <ejohan@fuller.edu>
> Cc: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
> Subject: RE: squid user_auth
> 
> Hi,
> 
> "password"  is not a acl, I tried proxy_auth but still no go ):
> 
> Regards,
> FB
> 
> > -----Original Message-----
> > From: Ernest Johanson [mailto:ejohan@fuller.edu] 
> > Sent: 15 July 2003 19:30
> > To: Botha, Francois
> > Cc: Debian-User
> > Subject: Re: squid user_auth
> > 
> > 
> > Francois,
> > 
> > Try adding the keyword "password" to the end of your 
> > http_access allow directives. 
> > 
> > 
> > Ernest Johanson
> > Systems Administrator
> > Fuller Theological Seminary
> > 
> > 
> > On Tue, 15 Jul 2003, Botha, Francois wrote:
> > 
> > > Date: Tue, 15 Jul 2003 14:02:59 +0200
> > > From: "Botha, Francois" <francoisb@thawte.com>
> > > To: Debian-User <debian-user@lists.debian.org>
> > > Subject: squid user_auth
> > > 
> > > Hi,
> > > 
> > > I'm playing with squid-2.4.6-2 on a 3.0/stable machine and 
> > am having 
> > > problems with the user authentication bit. My 
> > authentication side of 
> > > the httpd.conf has:
> > > 
> > > -- snip --
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
> > > acl localusers proxy_auth REQUIRED
> > > http_access deny !localnetwork
> > > http_access allow localusers
> > > http_access allow localnetwork
> > > http_access deny all
> > > proxy_auth_realm Squid proxy-caching web server 
> > authenticate_program 
> > > /usr/lib/squid/ncsa_auth /etc/passwd.squid #authenticate_program 
> > > /usr/lib/squid/pam_auth #authenticate_program /tmp/test.sh
> > > -- /snip --
> > > 
> > > My squid dialog box pops up asking for username and 
> > password, I fill 
> > > this in (using ncsa_auth with /etc/passwd.squid with htpasswd -d 
> > > generated
> > > passwords) and the box just pops up again, nothing in any 
> > logs regarding
> > > this.
> > > When I use ncsa_auth from the commandline with "username 
> > password" i get the
> > > OK so all is well there.
> > > 
> > > I've tried the same with pam_auth, and it also just pops up 
> > again in 
> > > the browser as-if my password is wrong, yet again - if I 
> > run it from 
> > > the commandline, it's happy.
> > > 
> > > And yes, I have checked permissions of the /etc/passwd.squid, it is 
> > > only readable to the squid user (proxy), I've tried 
> > changing this to 
> > > a+rw out of desperateness but it's still acting the same way (:
> > > 
> > > I've also made a simple shell script in /tmp which prints 
> > $@ for me to 
> > > another file, squid executes this but passes nothing as a argument, 
> > > i've put a 'read' line in the script and passed that towards a file 
> > > aswell and also got nothing?!
> > > 
> > > -- snip --
> > > #!/bin/bash
> > > #
> > > 
> > > while true ; do
> > > echo I was passed $@ > /tmp/test.out
> > > read vars
> > > echo I was also passed $vars >> /tmp/test.out
> > > echo OK
> > > done
> > > -- /snip --
> > > 
> > > Output:
> > > 
> > > -- snip --
> > > I was passed
> > > -- /snip --
> > > 
> > > So, it does not get to filling in the read line bit?!
> > > 
> > > I've searched all I could online and the only real problem is with 
> > > permissions of the passwd file - which I know is not a 
> > problem. Does 
> > > anybody have any ideas?
> > > 
> > > Thanks,
> > > Francois Botha
> > > 
> > > Snr. Systems Engineer
> > > e-mail: francoisb@thawte.com
> > > http://www.thawte.com
> > > 
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> > with a subject of "unsubscribe". Trouble? Contact 
> > listmaster@lists.debian.org
> > 
>

Reply to:

References:
- RE: squid user_auth
  - From: "Botha, Francois" <francoisb@thawte.com>

Prev by Date: Re: [RFC] Initialisation of ssh-agent
Next by Date: linux 2.6-testX packages?
Previous by thread: RE: squid user_auth
Next by thread: RE: squid user_auth
Index(es):
- Date
- Thread