Link to home
Start Free TrialLog in
Avatar of illu666
illu666

asked on

squid password

I have the following problem:
i have a squid proxy server on linux debian sarge without authentication.
they want authentication. No problem. I can use a password file
with htpassword.exe.
Only, they want a web-based way to admin the password file.
I have webmin/usermin installed, so i thinked to use them.
only... i use shadow password, that is DES encrypted, whereas
basic squid auth uses ncsa.
My question is:

- is there a web-based administration tool to admin ncsa password file?
(i already tried usermin-htaccess module, but it can't modify the password file)

alternatively:

- is there a way to use the shadow password file  so that
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
becomes something like
auth_param basic program  /usr/lib/squid/<some program> /etc/shadow


Thanks

Avatar of pjedmond
pjedmond
Flag of United Kingdom of Great Britain and Northern Ireland image
From http://www.squid-cache.org/Doc/FAQ/FAQ-23.html:

The Squid source code comes with a few authentcation processes for Basic authentication. These include:

    * LDAP: Uses the Lightweight Directory Access Protocol
    * NCSA: Uses an NCSA-style username and password file.
    * MSNT: Uses a Windows NT authentication domain.
    * PAM: Uses the Linux Pluggable Authentication Modules scheme.
    * SMB: Uses a SMB server like Windows NT or Samba.
    * getpwam: Uses the old-fashioned Unix password file.
    * sasl: Uses SALS libraries.
    * winbind: Uses Samba authenticate in a Windows NT domain

Yuu could use PAM (which enables you to use your /etc/passwd and /etc/shadow files?

or if you want to use .htaccess:

http://www.squid-cache.org/related-software.html#auth

Loads of options..I've even found POP and IMAP authentication...but lets go for PAM, as that enables you to use the passwd/shadow files:)

The squid.conf line you need is:

auth_param basic program /usr/lib/squid/pam_auth

Now create your PAM configuration file:

http://www.die.net/doc/linux/man/man8/pam_auth.8.html

Restart squid and you should be up and running.

HTH:)



ASKER CERTIFIED SOLUTION
Avatar of pjedmond
pjedmond
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pjedmond
pjedmond
Flag of United Kingdom of Great Britain and Northern Ireland image
After making a complete mess of my ACLs, I can recommend reading this:

http://www.linuxdevcenter.com/pub/a/linux/2001/08/09/authen_squid.html?page=2

Phew...mines now working:)
Avatar of illu666
illu666

ASKER

i don't have any /etc/pam.d/squid file

can i create it manually?

p.s.:
auth_param basic program  /usr/lib/squid/ncsa_auth /etc/squid/passwd
wants the path to file /etc/squid/passwd
in your example
auth_param basic program /usr/lib/squid/pam_auth
there is not
is it right?
Avatar of illu666
illu666

ASKER

hehe it happens

anyway i need a more complex acl...
they want an ip class with autentication
and another with it.

but i already done some test, it should work
thanks

Avatar of pjedmond
pjedmond
Flag of United Kingdom of Great Britain and Northern Ireland image
Yep just create the /etc/pam.d/squid file - it's merely a text file.

pam_auth gets it's information from the /etc/pam.d/squid file by default (Not even sure if there is an option on this?), so there is no need for the additional file name.

Not sure about my acl setup - it's a mess - Only the second or 3rd time I've had a go at a squid setup!