Amos Jeffries wrote:
> Yan Seiner wrote:
>> I'm trying to set up squid authentication, and I must be missing
>> something simple. I've tried both pam and ldap; while each works
>> separately, neither will work with squid. The browser never pops up
>> the authentication dialog box.
>>
>> If I use basic or htdigest auth in apache, the browsers properly
>> display the auth dialog box. But not with squid.
>>
>> auth_param basic program /usr/lib/squid/pam_auth
>>
>> acl AUTHENTICATED proxy_auth REQUIRED
>> acl our_networks src 192.168.128.0/24
>> acl localhost src 127.0.0.1/32
>> acl all src 0.0.0.0/0.0.0.0
>>
>> http_access allow AUTHENTICATED
>> #http_access allow our_networks
>> http_access allow localhost
>> http_access deny all
>>
>> Any ideas on what I'm doing wrong?
>
> deny !AUTHENTICATED.
>
> On 'allow' squid will either accept (aka allow) or continue looking
> for other rules that may apply.
>
> If you deny access to non-authenticated users Squid will challenge for
> any missing auth details before continuing to look for a reason to
> allow the request.
>
> Normal auth usage is like this:
>
> http_access deny !AUTHENTICATED
> http_access allow our_networks
> http_access deny all
The wiki is misleading on this.
http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
>
> (allow only local networks, if they are authenticated first)
>
> Amos
Chris
Received on Thu Jun 11 2009 - 20:33:03 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 12 2009 - 12:00:03 MDT