Re: [squid-users] Proxy server with authentication by squid.

From: Joe Cooper <joe@dont-contact.us>
Date: Mon, 24 Jun 2002 11:56:44 -0500

Hi Prabu,

(Note: Squid questions should stay on the list so others can join in, and
others can learn from the answers.)

/etc/passwd on a Linux system does not have passwords in it, so you're
right about ncsa_auth not being able to use it. That said, ncsa_auth
also will not be able to use the shadow file on most Linux systems
because most use MD5 encrypted passwords, /and/ the helper would have to
be root to read it. There is an ncsa_auth module out there somewhere
that can auth against an MD5 encrypted password, however.

To create a passwd file that ncsa_auth understands, check out the
manpage for htpasswd (htpasswd is part of the Apache package).

man htpasswd

ncsa_auth uses the old standard NCSA authentication file format used by
Apache, so whatever tools that can be used for maintaining those files
can be used for maintaining the Squid password file. We use Webmin for
our clients who need authentication.

You could also use the PAM authentication helper, if you really want to
use system user passwords for authenticating users to the proxy. (I
don't recommend this, as I don't like the idea of users having accounts
on server machines if it can reasonably be avoided.)

Prabu Subroto wrote:
> Dear Joe, here I come again.
>
> I am using SuSE 8 Package.
>
> This is what I've configured on my Squid server :
> "
> acl internet proxy_auth REQUIRED
> http_access allow internet
> authenticate_program /usr/sbin/ncsa_auth /etc/passwd
> "
> then I made one user account with YaST and the name of
> the account is "internet".
>
> But it still doesn't run properly because after my LAN
> users type-in the user (internet) & its password, then
> the user&password prompt will come again and again.
>
> Is it because ncsa_auth can not read the encryption of
> password between 'passwd' file and 'shadow' file ?
> Should I make its own passwd file for Squid ? But how ?
>
> Thank you very much.
>
>
> --- Joe Cooper <joe@swelltech.com> wrote:
>
>>It is also very simple with Squid, and is covered pretty well in the FAQ
>>here:
>>
>>http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
>>
>>If you have any problems after reading this, get back to us, and I'm
>>sure someone can help. (BTW-There are several web based mechanisms for
>>handling the userlist and password changes graphically, including Pedro
>>Orsos C CGI htpasswd, the Webmin Squid module, and others.)
>>
>>Prabu Subroto wrote:
>>
>>>He dears.
>>>
>>>I want to implement authentication method with Squid.
>>>I want if the users of my LAN are going to use
>>>internet through my proxy server (Squid) then firstly
>>>they will find prompt on their web server and they
>>>have to type username and password before they are
>>>permitted to use internet.
>>>Is it possible with Squid ? How ? This is very simple
>>>with MS Proxy Server but this is the first time for me
>>>to use Squid.
>>>
>>>Thank you very much in advance.
>>
>>--
>>Joe Cooper <joe@swelltech.com>
>>Web caching appliances and support.
>>http://www.swelltech.com

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
Received on Mon Jun 24 2002 - 10:57:55 MDT
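
Added example (not part of the original message and not Squid code): a small Python check of the point made in the reply, that a shadowed /etc/passwd holds only a placeholder in the password field, so a helper comparing crypt() hashes has nothing to match. The sample file contents and hash strings are constructed, and treating only 13-character DES crypt entries as usable is an assumption based on the reply's remark about MD5.

```python
import re

# Traditional crypt(3) DES hash: 2-char salt + 11-char digest (13 chars total).
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_field(pw_field):
    """Classify the second field of a user:password[:...] line."""
    if pw_field in ("", "x", "*", "!", "!!"):
        return "placeholder"   # hash is in the shadow file, or account is locked
    if pw_field.startswith("$1$"):
        return "md5-crypt"     # the MD5 format the reply mentions
    if DES_CRYPT.match(pw_field):
        return "des-crypt"     # old NCSA/htpasswd crypt() entry
    return "unknown"

def audit(text):
    """Return {username: classification} for each non-blank, non-comment line."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep or not user:
            result[line] = "malformed"
            continue
        result[user] = classify_field(rest.split(":", 1)[0])
    return result

def usable_by_crypt_helper(text):
    """Users whose entry a DES-crypt-only helper could verify (assumption)."""
    return sorted(u for u, kind in audit(text).items() if kind == "des-crypt")

# Constructed sample: shadowed /etc/passwd, as in the quoted configuration.
SAMPLE_ETC_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "internet:x:1001:100::/home/internet:/bin/bash\n"
)
# Constructed sample: dedicated NCSA-style file; hash strings are made up.
SAMPLE_SQUID_PASSWD = (
    "internet:ab0123456789.\n"
    "alice:$1$saltsalt$0123456789abcdefghijkl\n"
)

if __name__ == "__main__":
    for name, text in (("/etc/passwd", SAMPLE_ETC_PASSWD),
                       ("dedicated file", SAMPLE_SQUID_PASSWD)):
        print(name, audit(text), "usable:", usable_by_crypt_helper(text))
```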
