squid password

I have the following problem:
I have a squid proxy server on Linux Debian sarge without authentication.
They want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so I thought to use them.
Only... I use shadow passwords, which are DES encrypted, whereas
basic squid auth uses ncsa.
My question is:

- Is there a web-based administration tool to admin an ncsa password file?
(I already tried the usermin-htaccess module, but it can't modify the password file.)

Alternatively:

- Is there a way to use the shadow password file so that
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program  /usr/lib/squid/<some program> /etc/shadow


Thanks

illu666 Asked:
 
pjedmond Commented:
Guess I ought to finish this off, as I've found a few glitches in the setup:

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

needs to be in the /etc/pam.d/squid file, and I also had to suid, as after test running under the root account it was fine, but when started correctly I got an error message "Too few basicauthenticator processes are running", which for 1 person is ridiculous. These errors came from /var/log/messages

chmod 4755 /usr/lib/squid/pam_auth

HTH:)
0
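Added example (not part of the original comments): the setup above depends on two things, the PAM service file and the setuid bit on the helper. The pam_auth manual page notes that a setuid-root helper lets any local user who can run it test passwords against the shadow database, so this sketch checks the PAM lines and whether the helper is executable by everyone. The function names are hypothetical, and restricting execution to the group Squid runs as (for example mode 4750) is an assumption about one way to narrow the exposure.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Squid pam_auth setup.

# Succeed only if the PAM service file has active (uncommented) "auth" and
# "account" lines that load pam_unix.so, the two lines given in the thread.
check_pam_service() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "auth"    && /pam_unix\.so/ { a = 1 }
        $1 == "account" && /pam_unix\.so/ { c = 1 }
        END { exit !(a && c) }
    ' "$1"
}

# Classify an octal permission string such as 4755 for the helper binary.
classify_helper_mode() {
    m=$((0$1))                      # leading 0 makes the shell read octal
    if [ $((m & 04000)) -eq 0 ]; then
        echo no-setuid              # usually cannot read /etc/shadow
    elif [ $((m & 01)) -ne 0 ]; then
        echo setuid-world-exec      # any local user can run the helper
    else
        echo setuid-restricted      # setuid, but not executable by "other"
    fi
}

# audit PAM_FILE HELPER: print findings for a live system (GNU stat assumed).
audit() {
    check_pam_service "$1" ||
        echo "WARN: $1 has no active auth/account pam_unix.so lines"
    case $(classify_helper_mode "$(stat -c %a "$2")") in
        no-setuid)
            echo "NOTE: $2 is not setuid; shadow lookups fail unless run as root" ;;
        setuid-world-exec)
            echo "WARN: $2 is setuid and world-executable; any local account"
            echo "      can feed it username/password guesses" ;;
        setuid-restricted)
            echo "OK: $2 is setuid but only owner/group may execute it" ;;
    esac
}

# Usage: sh audit.sh /etc/pam.d/squid /usr/lib/squid/pam_auth
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

With the chmod 4755 from the comment above, the audit reports the setuid-world-exec case.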
 
pjedmond Commented:
From http://www.squid-cache.org/Doc/FAQ/FAQ-23.html:

The Squid source code comes with a few authentication processes for Basic authentication. These include:

    * LDAP: Uses the Lightweight Directory Access Protocol
    * NCSA: Uses an NCSA-style username and password file.
    * MSNT: Uses a Windows NT authentication domain.
    * PAM: Uses the Linux Pluggable Authentication Modules scheme.
    * SMB: Uses a SMB server like Windows NT or Samba.
    * getpwnam: Uses the old-fashioned Unix password file.
    * sasl: Uses SASL libraries.
    * winbind: Uses Samba authenticate in a Windows NT domain

You could use PAM (which enables you to use your /etc/passwd and /etc/shadow files)?

or if you want to use .htaccess:

http://www.squid-cache.org/related-software.html#auth

Loads of options... I've even found POP and IMAP authentication... but let's go for PAM, as that enables you to use the passwd/shadow files:)

The squid.conf line you need is:

auth_param basic program /usr/lib/squid/pam_auth

Now create your PAM configuration file:

http://www.die.net/doc/linux/man/man8/pam_auth.8.html

Restart squid and you should be up and running.

HTH:)



0
 
pjedmond Commented:
After making a complete mess of my ACLs, I can recommend reading this:

http://www.linuxdevcenter.com/pub/a/linux/2001/08/09/authen_squid.html?page=2

Phew... mine's now working:)
0
 
illu666 Author Commented:
I don't have any /etc/pam.d/squid file

Can I create it manually?

p.s.:
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
wants the path to file /etc/squid/passwd
in your example
auth_param basic program /usr/lib/squid/pam_auth
there is not
is it right?
0
 
illu666 Author Commented:
Hehe, it happens

Anyway, I need a more complex acl...
they want an ip class with authentication
and another with it.

But I've already done some tests, it should work
thanks

0
 
pjedmond Commented:
Yep just create the /etc/pam.d/squid file - it's merely a text file.

pam_auth gets its information from the /etc/pam.d/squid file by default (Not even sure if there is an option on this?), so there is no need for the additional file name.

Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!
0
Question has a verified solution.
