On 24/12/2013 9:35 p.m., ana any wrote: > > > Greeting, > > I installed squid 3.3.9 on debian, but I don't have access to cache manager with authentication :( > If I remove "http_access allow authenticated" line, then I have access. > > Here is a part of my config: > > cache_mgr admin@xxxxxxxxxxx > cachemgr_passwd MYPASS all > > auth_param digest program /usr/local/squid/libexec/digest_file_auth -c /home/passwd.htdigest > auth_param digest children 5 > auth_param digest realm ProxyServer > auth_param digest nonce_garbage_interval 5 minutes > auth_param digest > nonce_max_duration 30 minutes > auth_param digest nonce_max_count 50 > acl authenticated proxy_auth REQUIRED > http_access allow authenticated > > What's wrong with it?! > Any helps would be appreciated. > What should be happening is one of: * forward-proxy ports: - your proxy challenges for proxy-auth credentials using Digest and uses your helper to validate those Digest credentials. - when those are presented and accepted, - the cachemgr challenges for www-auth using Basic and uses your cachemgr_passwd settings to validate these Basic credentials. * reverse-proxy ports: - your proxy challenges for www-auth credentials using Digest and uses your helper to validate those Digest credentials. - when those are presented and accepted, - the cachemgr attempts to locate www-auth Basic credentials an fails. (If you were authenticating with Basic for the proxy and the users password matched cachemgr_passwd this might go through as above). * transparent intercept ports - your proxy ignores the request and passes it on to the server upstream. How does the HTTP traffic you are seeing match up with that description? Alternatively could you be hitting one of the bugs which appear to be in Squid Digest implementation? there are a few which result in erroneous rejections. As a workaround you could set "cachemgr_passwd none all" and rely on the Digest authentication and "manager" ACL to filter people who are logged in whether they can access the cachemgr or not. Amos