illu666
asked on
squid password
I have the following problem:
i have a squid proxy server on linux debian sarge without authentication.
they want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so i thinked to use them.
only... i use shadow password, that is DES encrypted, whereas
basic squid auth uses ncsa.
My question is:
- is there a web-based administration tool to admin ncsa password file?
(i already tried usermin-htaccess module, but it can't modify the password file)
alternatively:
- is there a way to use the shadow password file so that
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program /usr/lib/squid/<some program> /etc/shadow
Thanks
i have a squid proxy server on linux debian sarge without authentication.
they want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so i thinked to use them.
only... i use shadow password, that is DES encrypted, whereas
basic squid auth uses ncsa.
My question is:
- is there a web-based administration tool to admin ncsa password file?
(i already tried usermin-htaccess module, but it can't modify the password file)
alternatively:
- is there a way to use the shadow password file so that
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program /usr/lib/squid/<some program> /etc/shadow
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
After making a complete mess of my ACLs, I can recommend reading this:
http://www.linuxdevcenter.com/pub/a/linux/2001/08/09/authen_squid.html?page=2
Phew...mines now working:)
http://www.linuxdevcenter.com/pub/a/linux/2001/08/09/authen_squid.html?page=2
Phew...mines now working:)
ASKER
i don't have any /etc/pam.d/squid file
can i create it manually?
p.s.:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
wants the path to file /etc/squid/passwd
in your example
auth_param basic program /usr/lib/squid/pam_auth
there is not
is it right?
can i create it manually?
p.s.:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
wants the path to file /etc/squid/passwd
in your example
auth_param basic program /usr/lib/squid/pam_auth
there is not
is it right?
ASKER
hehe it happens
anyway i need a more complex acl...
they want an ip class with autentication
and another with it.
but i already done some test, it should work
thanks
anyway i need a more complex acl...
they want an ip class with autentication
and another with it.
but i already done some test, it should work
thanks
Yep just create the /etc/pam.d/squid file - it's merely a text file.
pam_auth gets it's information from the /etc/pam.d/squid file by default (Not even sure if there is an option on this?), so there is no need for the additional file name.
Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!
pam_auth gets it's information from the /etc/pam.d/squid file by default (Not even sure if there is an option on this?), so there is no need for the additional file name.
Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!
The Squid source code comes with a few authentcation processes for Basic authentication. These include:
* LDAP: Uses the Lightweight Directory Access Protocol
* NCSA: Uses an NCSA-style username and password file.
* MSNT: Uses a Windows NT authentication domain.
* PAM: Uses the Linux Pluggable Authentication Modules scheme.
* SMB: Uses a SMB server like Windows NT or Samba.
* getpwam: Uses the old-fashioned Unix password file.
* sasl: Uses SALS libraries.
* winbind: Uses Samba authenticate in a Windows NT domain
Yuu could use PAM (which enables you to use your /etc/passwd and /etc/shadow files?
or if you want to use .htaccess:
http://www.squid-cache.org/related-software.html#auth
Loads of options..I've even found POP and IMAP authentication...but lets go for PAM, as that enables you to use the passwd/shadow files:)
The squid.conf line you need is:
auth_param basic program /usr/lib/squid/pam_auth
Now create your PAM configuration file:
http://www.die.net/doc/linux/man/man8/pam_auth.8.html
Restart squid and you should be up and running.
HTH:)