
Re: Squid3 and authenticating users SASL/MYSQL


Simon Brereton wrote:
-----Original Message-----
From: Amos Jeffries Sent: Wednesday, April 28, 2010 8:36 PM

A general note;
 Etch is soon to be on the pile of obsolete Debian releases. If you
can please upgrade to the current Debian stable.
 Worst case please upgrade to the backports.org version of squid3.

I'm dreading this - but yes, it's on the roadmap.  But the Squid package was the latest.



and this resource is not terribly verbose:

http://www.squid-cache.org/Versions/v3/HEAD/manuals/basic_sasl_auth.8.html
Any useful additions welcome. :)

Gladly!  As soon as I get it working/understand what the hell I'm doing.. :)

my squid.conf looks like this:

1742 auth_param basic program /usr/lib/squid3/sasl_auth /etc/postfix/sasl/smtpd.conf
Does it actually need the config file listed? My understanding was
that placing it in /usr/lib/sasl caused SASL to load it automatically
as needed.

Interesting - part of the problem I guess is that I didn't really understand the sasl mech when I set it up - and I can't really remember what I did.  I only have .h and .c files in /usr/lib/sasl - after a bit of looking I found a file at /etc/default/saslauth that seems to list the config options for sasl.  What I don't seem to be able to do at the moment is to tell /usr/lib/squid3/sasl_auth where or to do what it needs to do.  (The file /etc/postfix/sasl/smtpd.conf tells saslauth what query to run on the DB to compare credentials.)  I'll keep trying.


Trying /usr/sbin/squid3 from the commandline with -d9 -N gives me too much
information although I'm trying now to trap it and see, but having spent 48
hours to get this far, I thought I'd ask.  It's probably as simple as
fixing line 1742, but I'd appreciate any pointers in doing that.

If this way gets too much there are two other helpers which may be an
option for you:
  POP3 helper (squid tries to use the credentials to login to the POP
server and uses the success/fail result from that).
  DB helper (Squid passes an SQL query direct to the MySQL database.
Using the success/fail of that as the result)

Frankly, either would be fine..  In fact, that's all that SASL is doing.  The only reason I went for SASL was because it was the only thing I could find that seemed relevant to my system.  MYSQL would be more than adequate since it removes the middle-man..  However, I don't find documentation on this.  Can you point me to some?

I found this: http://www.squid-cache.org/Versions/v3/HEAD/manuals/basic_db_auth but I can't find db_auth.pl on my system so I don't know what to put for the auth_param basic program..


That manual you found is pretty much the entire documentation for the DB helper. It does not mention that the --cond parameter can take a whole string of complex conditions if it's quoted with "".

Luckily the latter is a perl script. I have a temporary copy here:
http://treenet.co.nz/projects/squid/src/helpers/basic_auth/DB/basic_db_auth.in

Just needs:
 alter the @PERL@ in the first line
 remove the file extension.
 chmod / chown to the squid user with read/execute privileges.
 configure squid.conf

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1
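
The four install steps listed above, together with the quoted --cond form, as an added shell example that is not part of the original thread or of Squid's own code. The Perl path, the "proxy" account name (Debian's default Squid user) and any DSN, credentials or condition passed in are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumptions: perl lives at /usr/bin/perl and Squid runs as "proxy"
# (the Debian default); both can be overridden by arguments.

# install_db_helper SRC DESTDIR [PERL] [OWNER] -> prints the installed path
install_db_helper() {
    src=$1; destdir=$2; perl_bin=${3:-/usr/bin/perl}; owner=${4:-proxy}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -x "$perl_bin" ] || { echo "no interpreter at $perl_bin" >&2; return 1; }
    dest="$destdir/$(basename "$src" .in)"      # drop the .in extension
    rm -f "$dest"
    # Fill in @PERL@ on the first line only; the rest is copied as-is.
    sed "1s|@PERL@|$perl_bin|" "$src" > "$dest" || return 1
    case "$(head -n 1 "$dest")" in
        "#!$perl_bin"*) ;;
        *) echo "$src: first line is not a #!@PERL@ template" >&2
           rm -f "$dest"; return 1 ;;
    esac
    # Read/execute for the owner only: Squid can run it, nothing can edit it.
    chmod 0500 "$dest" || return 1
    # chown needs root; when unprivileged the file stays with the caller.
    if [ "$(id -u)" -eq 0 ]; then chown "$owner" "$dest" || return 1; fi
    printf '%s\n' "$dest"
}

# db_auth_conf HELPER DSN DBUSER DBPASS COND -> prints the squid.conf line
db_auth_conf() {
    # The condition is wrapped in "" so it reaches the helper as one
    # argument; an embedded " would end that quoting early, so reject it.
    case "$5" in *'"'*) echo "condition must not contain \"" >&2; return 1 ;; esac
    printf 'auth_param basic program %s --dsn %s --user %s --password %s --cond "%s"\n' \
        "$1" "$2" "$3" "$4" "$5"
}
```

Because the database password ends up on the auth_param line, squid.conf should be readable only by root and the Squid account.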
