[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: squid user_auth



Thanks!

Works great, proxy_auth has to be replaced with src though otherwise its a
syntax error (:

Regards,
FB

> -----Original Message-----
> From: Ernest Johanson [mailto:ejohan@fuller.edu] 
> Sent: 16 July 2003 21:09
> To: Botha, Francois
> Cc: 'debian-user@lists.debian.org'
> Subject: RE: squid user_auth
> 
> 
> Right. Here localusers is the acl to require passwords.
> 
> What about the following:
> 
> >acl all src 0.0.0.0/0.0.0.0
> >acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
> 
> remove the proxy_auth here. The config file says that a list 
> of usernames follows proxy_auth, unless using REQUIRED keyword.
> 
> >acl localusers proxy_auth REQUIRED
> >http_access deny !localnetwork
> >http_access allow localusers
> 
> insert all after allow so that it reads:
> 
> http_access allow all localusers
> 
> 
> 
> 
> Ernest Johanson
> Systems Administrator
> Fuller Theological Seminary
> 
> 
> On Wed, 16 Jul 2003, Botha, Francois wrote:
> 
> > Date: Wed, 16 Jul 2003 16:20:00 +0200
> > From: "Botha, Francois" <francoisb@thawte.com>
> > To: "'ejohan@fuller.edu'" <ejohan@fuller.edu>
> > Cc: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
> > Subject: RE: squid user_auth
> > 
> > Hi,
> > 
> > "password"  is not a acl, I tried proxy_auth but still no go ):
> > 
> > Regards,
> > FB
> > 
> > > -----Original Message-----
> > > From: Ernest Johanson [mailto:ejohan@fuller.edu]
> > > Sent: 15 July 2003 19:30
> > > To: Botha, Francois
> > > Cc: Debian-User
> > > Subject: Re: squid user_auth
> > > 
> > > 
> > > Francois,
> > > 
> > > Try adding the keyword "password" to the end of your
> > > http_access allow directives. 
> > > 
> > > 
> > > Ernest Johanson
> > > Systems Administrator
> > > Fuller Theological Seminary
> > > 
> > > 
> > > On Tue, 15 Jul 2003, Botha, Francois wrote:
> > > 
> > > > Date: Tue, 15 Jul 2003 14:02:59 +0200
> > > > From: "Botha, Francois" <francoisb@thawte.com>
> > > > To: Debian-User <debian-user@lists.debian.org>
> > > > Subject: squid user_auth
> > > > 
> > > > Hi,
> > > > 
> > > > I'm playing with squid-2.4.6-2 on a 3.0/stable machine and
> > > am having
> > > > problems with the user authentication bit. My
> > > authentication side of
> > > > the httpd.conf has:
> > > > 
> > > > -- snip --
> > > > acl all src 0.0.0.0/0.0.0.0
> > > > acl localnetwork proxy_auth 192.168.0.0/255.255.255.0
> > > > acl localusers proxy_auth REQUIRED
> > > > http_access deny !localnetwork
> > > > http_access allow localusers
> > > > http_access allow localnetwork
> > > > http_access deny all
> > > > proxy_auth_realm Squid proxy-caching web server
> > > authenticate_program
> > > > /usr/lib/squid/ncsa_auth /etc/passwd.squid #authenticate_program
> > > > /usr/lib/squid/pam_auth #authenticate_program /tmp/test.sh
> > > > -- /snip --
> > > > 
> > > > My squid dialog box pops up asking for username and
> > > password, I fill
> > > > this in (using ncsa_auth with /etc/passwd.squid with htpasswd -d
> > > > generated
> > > > passwords) and the box just pops up again, nothing in any 
> > > logs regarding
> > > > this.
> > > > When I use ncsa_auth from the commandline with "username
> > > password" i get the
> > > > OK so all is well there.
> > > > 
> > > > I've tried the same with pam_auth, and it also just pops up
> > > again in
> > > > the browser as-if my password is wrong, yet again - if I
> > > run it from
> > > > the commandline, it's happy.
> > > > 
> > > > And yes, I have checked permissions of the 
> /etc/passwd.squid, it 
> > > > is
> > > > only readable to the squid user (proxy), I've tried 
> > > changing this to
> > > > a+rw out of desperateness but it's still acting the same way (:
> > > > 
> > > > I've also made a simple shell script in /tmp which prints
> > > $@ for me to
> > > > another file, squid executes this but passes nothing as a 
> > > > argument,
> > > > i've put a 'read' line in the script and passed that 
> towards a file 
> > > > aswell and also got nothing?!
> > > > 
> > > > -- snip --
> > > > #!/bin/bash
> > > > #
> > > > 
> > > > while true ; do
> > > > echo I was passed $@ > /tmp/test.out
> > > > read vars
> > > > echo I was also passed $vars >> /tmp/test.out
> > > > echo OK
> > > > done
> > > > -- /snip --
> > > > 
> > > > Output:
> > > > 
> > > > -- snip --
> > > > I was passed
> > > > -- /snip --
> > > > 
> > > > So, it does not get to filling in the read line bit?!
> > > > 
> > > > I've searched all I could online and the only real 
> problem is with
> > > > permissions of the passwd file - which I know is not a 
> > > problem. Does
> > > > anybody have any ideas?
> > > > 
> > > > Thanks,
> > > > Francois Botha
> > > > 
> > > > Snr. Systems Engineer
> > > > e-mail: francoisb@thawte.com
> > > > http://www.thawte.com
> > > > 
> > > 
> > > 
> > > --
> > > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> > > with a subject of "unsubscribe". Trouble? Contact 
> > > listmaster@lists.debian.org
> > > 
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org
> 



Reply to: