?
Solved

squid password

Posted on 2006-06-07
6
Medium Priority
?
1,145 Views
Last Modified: 2013-12-16
I have the following problem:
i have a squid proxy server on linux debian sarge without authentication.
they want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so i thinked to use them.
only... i use shadow password, that is DES encrypted, whereas
basic squid auth uses ncsa.
My question is:

- is there a web-based administration tool to admin ncsa password file?
(i already tried usermin-htaccess module, but it can't modify the password file)

alternatively:

- is there a way to use the shadow password file  so that
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program  /usr/lib/squid/<some program> /etc/shadow


Thanks

0
Comment
Question by:illu666
  • 4
  • 2
6 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16850547
From http://www.squid-cache.org/Doc/FAQ/FAQ-23.html:

The Squid source code comes with a few authentcation processes for Basic authentication. These include:

    * LDAP: Uses the Lightweight Directory Access Protocol
    * NCSA: Uses an NCSA-style username and password file.
    * MSNT: Uses a Windows NT authentication domain.
    * PAM: Uses the Linux Pluggable Authentication Modules scheme.
    * SMB: Uses a SMB server like Windows NT or Samba.
    * getpwam: Uses the old-fashioned Unix password file.
    * sasl: Uses SALS libraries.
    * winbind: Uses Samba authenticate in a Windows NT domain

Yuu could use PAM (which enables you to use your /etc/passwd and /etc/shadow files?

or if you want to use .htaccess:

http://www.squid-cache.org/related-software.html#auth

Loads of options..I've even found POP and IMAP authentication...but lets go for PAM, as that enables you to use the passwd/shadow files:)

The squid.conf line you need is:

auth_param basic program /usr/lib/squid/pam_auth

Now create your PAM configuration file:

http://www.die.net/doc/linux/man/man8/pam_auth.8.html

Restart squid and you should be up and running.

HTH:)



0
 
LVL 22

Accepted Solution

by:
pjedmond earned 750 total points
ID: 16850786
Guess I ought to finish this off, as I've found a few glitches in the setup:

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

needs to be in the /etc/pam.d/squid file, and I also had to suid as after test running under root account it was fine, but started correctly I got an error message "Too few basicauthenticator processes are running" which for 1 person is ridiculous. These errors came from /var/log/messages

chmod 4755 /usr/lib/squid/pam_auth

HTH:)
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16850816
After making a complete mess of my ACLs, I can recommend reading this:

http://www.linuxdevcenter.com/pub/a/linux/2001/08/09/authen_squid.html?page=2

Phew...mines now working:)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:illu666
ID: 16850871
i don't have any /etc/pam.d/squid file

can i create it manually?

p.s.:
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
wants the path to file /etc/squid/passwd
in your example
auth_param basic program /usr/lib/squid/pam_auth
there is not
is it right?
0
 

Author Comment

by:illu666
ID: 16850919
hehe it happens

anyway i need a more complex acl...
they want an ip class with autentication
and another with it.

but i already done some test, it should work
thanks

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16852176
Yep just create the /etc/pam.d/squid file - it's merely a text file.

pam_auth gets it's information from the /etc/pam.d/squid file by default (Not even sure if there is an option on this?), so there is no need for the additional file name.

Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month14 days, 7 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question