p cooper wrote:
> I've volunteered to set up one machine with 4 logins + content
> filtering/time-based ACL for the 2 children to replace (and improve
> on) my sisters' dying WinXP machine.
> I want to use basic authentication (less work for me and I think) and
> none are particularly computer literate to mess around at all (well
> - yet)
>
> OS = gentoo linux
>
> I've compiled squid Squid Version 2.6.STABLE18 with configure options:
> '--enable-basic-auth-helpers=getpwnam'
>   
Hmmm.  From 
http://www.squid-cache.org/mail-archive/squid-users/200511/0423.html, 
"getpwnam supports non-shadow style password files using crypt hash 
format only."
> bits of my squid conf
>
> hepworth ~ # grep  ^[A-Za-z] /usr/local/squid/etc/squid.conf
> auth_param basic program /usr/local/squid/libexec/getpwname_auth /etc/passwd
>   
Paraphrasing the linked message, there are likely no passwords in 
/etc/passwd.  Most recent systems use /etc/shadow to store passwords 
(with which you'd likely have better luck using pam_auth).
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> acl passwd proxy_auth
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow  passwd
> http_access deny all
> icp_access allow all
> http_port 3128
> logformat squid  %tl  %Ss/%03Hs  %rm %ru %ul   %mt
> access_log /var/log/squid/access.log squid
>   
The rest of it looks fine.
> but the proxy won't let me through when I enter the username and unix
> login password.
>
> hepworth ~ # tail -n 3 /var/log/squid/access.log
>  16/Mar/2008:12:08:44 +0000  TCP_DENIED/407  GET
> http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
> andrew   text/html
>  16/Mar/2008:12:08:57 +0000  TCP_DENIED/407  GET
> http://en-us.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
> andrew   text/html
>  16/Mar/2008:12:09:00 +0000  TCP_DENIED/407  GET
> http://en-us.start2.mozilla.com/favicon.ico -   text/html
> hepworth ~ #
>   
Chris
Received on Thu Mar 20 2008 - 17:40:38 MDT
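
The check behind the reply above, as an added example that is not part of the original thread: it classifies the password field of a passwd-format file for one user, showing whether a getpwnam-style helper would have any hash to compare against. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field (2nd colon-separated field)
# of a passwd-format file for one user.
#   shadowed = "x": the real hash lives in /etc/shadow, nothing to compare
#   locked   = "*" or leading "!": password login disabled
#   empty    = no password set
#   hash     = a crypt(3)-style hash is actually stored in this file
#   missing  = no such user in the file
passwd_field_status() {
    file=$1 user=$2
    awk -F: -v u="$user" '
        $1 == u {
            found = 1
            if ($2 == "x")          print "shadowed"
            else if ($2 == "")      print "empty"
            else if ($2 ~ /^[*!]/)  print "locked"
            else                    print "hash"
            exit
        }
        END { if (!found) print "missing" }
    ' "$file"
}

# Constructed sample data (not from the poster's machine). The "legacy"
# entry carries a made-up 13-character string in old crypt layout.
make_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
andrew:x:1000:1000::/home/andrew:/bin/bash
legacy:abJnggxhB/yWI:1001:1001::/home/legacy:/bin/sh
daemonuser:*:1002:1002::/:/sbin/nologin
blank::1003:1003::/home/blank:/bin/sh
EOF
}

# Demonstration run over the constructed sample.
sample=$(mktemp)
make_sample > "$sample"
for u in andrew legacy daemonuser blank nobody_here; do
    printf '%-12s %s\n' "$u" "$(passwd_field_status "$sample" "$u")"
done
rm -f "$sample"
```

On the real machine, `passwd_field_status /etc/passwd andrew` returning `shadowed` means the file holds only the `x` placeholder, which is the situation the reply describes.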