
Re: Problem in access to cache manager


 



Thanks Amos.
I set "cachemgr_passwd none all"; even if I remove the user and password for cache manager, it still doesn't work with authentication!
I searched in Bugzilla and didn't find any bug about this problem.




On Wednesday, December 25, 2013 1:55 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 24/12/2013 9:35 p.m., ana any wrote:

> 
> 
> Greeting,
> 
> I installed squid 3.3.9 on debian, but I don't have access to cache manager with authentication :(
> If I remove "http_access allow authenticated" line, then I have access.
> 
> Here is a part of my config:
> 
> cache_mgr admin@xxxxxxxxxxx
> cachemgr_passwd MYPASS all
> 
> auth_param digest program /usr/local/squid/libexec/digest_file_auth -c /home/passwd.htdigest
> auth_param digest children 5
> auth_param digest realm ProxyServer
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 30 minutes
> auth_param digest nonce_max_count 50
> acl authenticated proxy_auth REQUIRED
> http_access allow authenticated
> 
> What's wrong with it?!
> Any help would be appreciated.
> 

What should be happening is one of:

* forward-proxy ports:
- your proxy challenges for proxy-auth credentials using Digest and
uses your helper to validate those Digest credentials.
- when those are presented and accepted,
- the cachemgr challenges for www-auth using Basic and uses your
cachemgr_passwd settings to validate these Basic credentials.

* reverse-proxy ports:
- your proxy challenges for www-auth credentials using Digest and uses
your helper to validate those Digest credentials.
- when those are presented and accepted,
- the cachemgr attempts to locate www-auth Basic credentials and fails.
   (If you were authenticating with Basic for the proxy and the user's
password matched cachemgr_passwd this might go through as above).

* transparent intercept ports
- your proxy ignores the request and passes it on to the server upstream.

How does the HTTP traffic you are seeing match up with that description?


Alternatively, could you be hitting one of the bugs which appear to be in
Squid's Digest implementation? There are a few which result in erroneous
rejections.


As a workaround you could set "cachemgr_passwd none all" and rely on the
Digest authentication and "manager" ACL to filter people who are logged
in whether they can access the cachemgr or not.

Amos
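
The workaround described above, written out as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the user name `cacheadmin` and the ACL name `mgr_admins` are hypothetical, and the helper path and realm are copied from the original post.

```conf
# Added example (not from the thread). "cacheadmin" and "mgr_admins"
# are hypothetical names chosen for illustration.

# Digest proxy authentication, as in the original post
auth_param digest program /usr/local/squid/libexec/digest_file_auth -c /home/passwd.htdigest
auth_param digest children 5
auth_param digest realm ProxyServer

# Any user who passes Digest authentication
acl authenticated proxy_auth REQUIRED

# The subset of Digest users who may view cache manager reports
acl mgr_admins proxy_auth cacheadmin

# No separate Basic password for the cache manager:
# access is decided by the http_access rules below only.
cachemgr_passwd none all

# http_access is evaluated top to bottom and the first match wins,
# so the manager rules must come before the general allow.
# "manager" is a predefined ACL in Squid 3.2 and later.
http_access allow manager mgr_admins
http_access deny manager

# Ordinary proxy traffic for every authenticated user
http_access allow authenticated
http_access deny all
```

With `cachemgr_passwd none all` the Digest login is the only credential check on manager requests, so the `http_access deny manager` line is what keeps other authenticated users out of the reports.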





