> > 1) I got "pam_auth.c:74:31: error: security/pam_appl.h: No such file > > or directory" when compiling squid-2.6.STABLE16-20070916. I found a > > nearly identical instance in the list archive more than a year ago. > > That got me looking into the pam-devel on my host os--Mac OS X 10.4. > > It turns out pam_appl.h is located in /usr/include/pam/ on OS X 10.4 > > and 10.3, rather than /usr/include/security. A symbolic link takes > > care of it. I wonder, however, if the developers are open to > > accommodating this type of OS-specific peculiarities by adjusting > > during ./configure based on --host=. > > so we need a configure test to see which of the two is available, and > include the proper one.. > > (should not make that decision based on the host type) Thanks, Henrik. > > 2) I narrowed down the cause of my inability to log into several sites > > to the last line in the 'http_anonymizer paranoid' emulation of > > squid-2.6 that I was using, namely: "header_access All deny all". I'd > > like to find out what headers these sites need to see. Could anyone > > let me know the debug_options number for header_access without going > > full bore to "debug_options ALL,9"? Currently I'm aware of 33 for > > reply_mime_type and 28 for ACL debugging. Is there a quick list of all > > the debug option numbers, without resorting to reading the source > > code? > > Usually login problems means you have blocked cookies.. > I find "header_access All deny all" appears to be responsible for the cookie blocking. I'd like to find out what additional header_access I need to allow to let these cookies through. Would enabling header_access debug help in this regard? Could you point me to a list of all the possible debug_options, other than the source code? =D Here's the header_access portion of my squid.conf #Default: # none header_access User-Agent deny all header_access Allow allow all header_access Authorization allow all header_access WWW-Authenticate allow all header_access Cache-Control allow all header_access Content-Encoding allow all # to reproduce the old 'http_anonymizer paranoid' feature, as shown in the default squid.conf header_access Allow allow all (snipped for brevity) header_access All deny all I used Firefox extension LiveHTTPHeader to capture the difference (trying to) logging into youtube, with the only change to squid.conf being "header_access All deny all" is disabled for the session to the right. http://www.youtube.com/login?next=/index^M http://www.youtube.com/login?next=/index^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ; ^M ^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ POST /login?next=/index HTTP/1.1^M POST /login?next=/index HTTP/1.1^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Host: www.youtube.com^M Host: www.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^M User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Accept: text/xml,application/xml,application/xhtml+xml,text/h^M Accept: text/xml,application/xml,application/xhtml+xml,text/h^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Accept-Language: en,en-us;q=0.5^M Accept-Language: en,en-us;q=0.5^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Accept-Encoding: gzip,deflate^M Accept-Encoding: gzip,deflate^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^M Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Keep-Alive: 300^M Keep-Alive: 300^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Proxy-Connection: keep-alive^M Proxy-Connection: keep-alive^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Referer: http://www.youtube.com/login?next=/index^M Referer: http://www.youtube.com/login?next=/index ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^M Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Content-Type: application/x-www-form-urlencoded^M Content-Type: application/x-www-form-urlencoded^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Content-Length: 89^M Content-Length: 89^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ current_form=loginForm&next=%2Findex&username=a6u5e&password=^M current_form=loginForm&next=%2Findex&username=a6u5e&password=^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ HTTP/1.x 303 See Other^M HTTP/1.x 303 See Other^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Date: Wed, 19 Sep 2007 00:46:53 GMT^M | Date: Wed, 19 Sep 2007 00:48:29 GMT^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ > Server: Apache^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ > Set-Cookie: LOGIN_INFO=fad04c4763311f496b3a8a54e4ac17e5e3QgAA^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ > Set-Cookie: SOM=; path=/; domain=.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ > Set-Cookie: TSOM=; path=/; domain=.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Cache-Control: no-cache^M Cache-Control: no-cache^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ (snipped for brevity...)ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ > > 3) Does the latest squid-2.6 still need the digest-auth-helper from > > squid-3PRE if I want to use digest password? Is this going to change? > > Squid-2.6 has the same digest helper as Squid-3. Good to know. Glad I asked. > > 4) What are the possible squid storeio options on Mac OS X (HFS+ or > > UFS format)? So far it seems I have to either accept the default (UFS) > > even though my disk is formatted HFS+, or --enable-storeio=null. > > Anything else I tried had failed. Is there a matrix of all the storeio > > possibilities for every OS squid has been compiled on? > > only ufs and null I am afraid.. Max OS X do not provide the factilities > needed for either aufs or diskd.. and coss is still experimental. > > the name ufs has no relation to the actual filesystem type used by your > OS. It's just Squid's name for "cache ontop of unix-like filesystem". A > better name would be "simple" with aufs being "threaded". Would aufs and diskd be valid options for squid on Mac OS X if ZFS becomes available for OS X as long rumored? Finally, question 5) that I've meant to ask for a long time: I find I always have to issue "squid -k shutdown" at least twice, before squid would shut down. Not too surprisingly "squid -k kill" only needs to be issued once. I'm curious what's causing squid's "resiliency" in the face of "squid -k shutdown"? Does it have anything to do with the 8 squidGuard redirect_children in my setup?
