squid password

Posted on 2006-06-07
Last Modified: 2013-12-16
I have the following problem:
I have a squid proxy server on Linux Debian sarge without authentication.
They want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so I thought to use them.
Only... I use shadow passwords, which are DES encrypted, whereas
basic squid auth uses ncsa.
My question is:

- Is there a web-based administration tool to admin the ncsa password file?
(I already tried the usermin-htaccess module, but it can't modify the password file)


- Is there a way to use the shadow password file so that
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program /usr/lib/squid/<some program> /etc/shadow


Question by:illu666
    LVL 22

    Expert Comment


    The Squid source code comes with a few authentication processes for Basic authentication. These include:

        * LDAP: Uses the Lightweight Directory Access Protocol
        * NCSA: Uses an NCSA-style username and password file.
        * MSNT: Uses a Windows NT authentication domain.
        * PAM: Uses the Linux Pluggable Authentication Modules scheme.
        * SMB: Uses a SMB server like Windows NT or Samba.
        * getpwnam: Uses the old-fashioned Unix password file.
        * sasl: Uses SASL libraries.
        * winbind: Uses Samba to authenticate in a Windows NT domain.

    You could use PAM (which enables you to use your /etc/passwd and /etc/shadow files)?

    or if you want to use .htaccess:

    Loads of options... I've even found POP and IMAP authentication... but let's go for PAM, as that enables you to use the passwd/shadow files :)

    The squid.conf line you need is:

    auth_param basic program /usr/lib/squid/pam_auth

    Now create your PAM configuration file:

    Restart squid and you should be up and running.


    LVL 22

    Accepted Solution

    Guess I ought to finish this off, as I've found a few glitches in the setup:

    auth required /lib/security/
    account required /lib/security/

    needs to be in the /etc/pam.d/squid file, and I also had to suid it, as after test running under the root account it was fine, but started correctly I got an error message "Too few basicauthenticator processes are running", which for 1 person is ridiculous. These errors came from /var/log/messages.

    chmod 4755 /usr/lib/squid/pam_auth
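
Added example (not part of the original thread): `chmod 4755` makes the helper setuid and executable by every local account, and Squid's pam_auth documentation notes that in this mode any local user can run it to test other users' passwords. The function below (hypothetical name `audit_helper`) reports whether a helper is in that state; the `root:proxy` ownership suggested in the comments assumes Debian's squid runs with group `proxy`.

```shell
#!/bin/sh
# audit_helper PATH
# Prints exactly one word describing the helper's exposure:
#   missing            - no such file
#   not-setuid         - setuid bit is not set (pam_unix cannot read /etc/shadow
#                        unless the helper is started as root)
#   setuid-world-exec  - setuid AND executable by "other": any local account
#                        can invoke it as a password oracle (this is mode 4755)
#   setuid-restricted  - setuid but not executable by "other" (e.g. mode 4750)
audit_helper() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # find -perm -0001 matches when the "other" execute bit is set
    if [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo setuid-world-exec
    else
        echo setuid-restricted
    fi
}

# Tighter alternative to 4755 (assumption: squid's group is "proxy"):
#   chown root:proxy /usr/lib/squid/pam_auth
#   chmod 4750       /usr/lib/squid/pam_auth
# Only root and members of the proxy group can then execute the helper.

# Usage: sh audit_helper.sh /usr/lib/squid/pam_auth
if [ $# -gt 0 ]; then
    audit_helper "$1"
fi
```
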

    LVL 22

    Expert Comment

    After making a complete mess of my ACLs, I can recommend reading this:

    Phew... mine's now working :)

    Author Comment

    I don't have any /etc/pam.d/squid file.

    Can I create it manually?

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    wants the path to the file /etc/squid/passwd;
    in your example
    auth_param basic program /usr/lib/squid/pam_auth
    there is none.
    Is that right?

    Author Comment

    Hehe, it happens.

    Anyway, I need a more complex ACL...
    they want an IP class with authentication
    and another with it.

    But I already did some tests, it should work.

    LVL 22

    Expert Comment

    Yep just create the /etc/pam.d/squid file - it's merely a text file.

    pam_auth gets its information from the /etc/pam.d/squid file by default (not even sure if there is an option on this?), so there is no need for the additional file name.

    Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!
