Search squid archive

Re: getting getpwnam basic authentication working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



p cooper wrote:
Ive volunteered to setup one machine with 4 logins + content
filtering/time based ACL  for the 2 children  to replace ( and improve
on )  my sisters'  dying winXP machine.
I want to use basic authentication  ( less work for me and i think) and
none are particularly computer literate to mess  around at  all ( well
-yet)

OS = gentoo linux

ive compiled squid Squid Version 2.6.STABLE18 with configure options: '--enable-basic-auth-helpers=getpwnam'

Hmmm. From http://www.squid-cache.org/mail-archive/squid-users/200511/0423.html, "getpwnam supports non-shadow style password files using crypt hash format only."

bits of my squid conf

hepworth ~ # grep  ^[A-Za-z] /usr/local/squid/etc/squid.conf
auth_param basic program /usr/local/squid/libexec/getpwname_auth /etc/passwd

Paraphrasing the linked message, there are likely no passwords in /etc/passwd. Most recent systems use /etc/shadow to store passwords (with which you'd likely have better luck using pam_auth).

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl passwd proxy_auth
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow  passwd
http_access deny all
icp_access allow all
http_port 3128
logformat squid  %tl  %Ss/%03Hs  %rm %ru %ul   %mt
access_log /var/log/squid/access.log squid

The rest of it looks fine.

but the proxy wont let me through  when i enter he username and  unix
login password.

hepworth ~ # tail -n 3 /var/log/squid/access.log
 16/Mar/2008:12:08:44 +0000  TCP_DENIED/407  GET
http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
andrew   text/html
 16/Mar/2008:12:08:57 +0000  TCP_DENIED/407  GET
http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
andrew   text/html
 16/Mar/2008:12:09:00 +0000  TCP_DENIED/407  GET
http://en-us.start2.mozilla.com/favicon.ico -   text/html
hepworth ~ #

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux