p cooper wrote:
Ive volunteered to setup one machine with 4 logins + content
filtering/time based ACL for the 2 children to replace ( and improve
on ) my sisters' dying winXP machine.
I want to use basic authentication ( less work for me and i think) and
none are particularly computer literate to mess around at all ( well
-yet)
OS = gentoo linux
ive compiled squid Squid Version 2.6.STABLE18 with configure options:
'--enable-basic-auth-helpers=getpwnam'
Hmmm. From
http://www.squid-cache.org/mail-archive/squid-users/200511/0423.html,
"getpwnam supports non-shadow style password files using crypt hash
format only."
bits of my squid conf
hepworth ~ # grep ^[A-Za-z] /usr/local/squid/etc/squid.conf
auth_param basic program /usr/local/squid/libexec/getpwname_auth /etc/passwd
Paraphrasing the linked message, there are likely no passwords in
/etc/passwd. Most recent systems use /etc/shadow to store passwords
(with which you'd likely have better luck using pam_auth).
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl passwd proxy_auth
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow passwd
http_access deny all
icp_access allow all
http_port 3128
logformat squid %tl %Ss/%03Hs %rm %ru %ul %mt
access_log /var/log/squid/access.log squid
The rest of it looks fine.
but the proxy wont let me through when i enter he username and unix
login password.
hepworth ~ # tail -n 3 /var/log/squid/access.log
16/Mar/2008:12:08:44 +0000 TCP_DENIED/407 GET
http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
andrew text/html
16/Mar/2008:12:08:57 +0000 TCP_DENIED/407 GET
http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
andrew text/html
16/Mar/2008:12:09:00 +0000 TCP_DENIED/407 GET
http://en-us.start2.mozilla.com/favicon.ico - text/html
hepworth ~ #
Chris