Re: Squid: problems with authentication of a user
Hi there,
I wouldn't like to use pam_auth but a file passwd in which I have all
my users (including myself w/ different password of my that I use to
log in my system.
I've read a doc about getpwnam_auth. So, I've change the following
line of my squid.conf:
auth_param basic program /usr/lib/squid/getpwnam_auth
and created the users w/ :
htpasswd passwor my_user
then typed the password as well for each user.
Using pam_auth I can do that w/ no problems. But I would like to
understand a way to concetrate all users just in one file (in my case
/etc/squid/passwd).
The logon screen has showed me up but I can't login on my proxy using
the users I typed into the file "/etc/squid/passwd". Can somebody help
me to fix it?
Thanks all,
Romulo Sousa
On 8/10/05, Paul Johnson <baloo@ursine.ca> wrote:
> On Wednesday 10 August 2005 12:03 pm, Romulo Sousa wrote:
> > I got a problem during the authentication process from my squid.
> > THe following erro message comes up my screen when I edit my
> > squid.conf:
> >
> > "Invalid Proxy Auth ACL 'acl remotenetwork proxy_auth my_user'
> > because no authentication schemes are fully configured.
> > FATAL: Bungled squid.conf line 14: acl remotenetwork proxy_auth
> > rssousa Squid Cache (Version 2.5.STABLE10): Terminated abnormally.
> > squid."
>
> It took me an extremely long time to understand PAM authentication in
> squid. This is where the documentation really could use an example,
> and one of those things that will make for great list archive fodder.
>
> This is what works for me:
>
> auth_param basic program /usr/lib/squid/pam_auth
> auth_param basic children 5
> auth_param basic realm Adzapping Squid
> auth_param basic credentialsttl 1 week
> acl password proxy_auth REQUIRED
> http_access allow password
>
> This uses the pam_auth program that comes with squid, spawns 5
> instances of that program, tells squid to call itself "Adzapping
> Squid"[1], and creates an ACL allowing people who "log in" to the
> squid to use it as an HTTP proxy.
>
> > Another doubt: is there any way to throw the messagem away from the
> > bottom when the service is stopped?
> > "Generated Tue, 09 Aug 2005 23:13:53 GMT by my_isp.com
> > (squid/2.5.STABLE10)" ?? The objective is avoid certain
> > reconnoissance of my machine.
>
> This one is in the FAQ.
> http://ursine.ca/cgi-bin/dwww?type=file&location=/usr/share/doc/squid/FAQ-10.html#ss10.24
>
>
> [1] I also use adzapper at my squid. If advertisers want to use my
> bandwidth, they damn well better be paying me for it because nobody
> invited them...
>
>
>
Reply to: