Re: Authentication unconditionally built into 2.5S13

This patch, in conjunction --disable-auth, allows authentication to be
completely disabled:

--- squid-2.5.STABLE13/configure.orig 2006-03-15 14:56:10.000000000 -0500
+++ squid-2.5.STABLE13/configure 2006-03-15 14:56:56.000000000 -0500
@@ -2855,12 +2855,13 @@

 fi

-echo "Auth scheme modules built: $AUTH_MODULES"
-
-AUTH_OBJS="auth/lib`echo $AUTH_MODULES|sed -e 's% %.a auth/lib%g'`.a"
-
-AUTH_LIBS="`echo $AUTH_OBJS|sed -e 's%auth/%%g'`"
-
+if test -z "$AUTH_MODULES"; then
+ echo Auth scheme modules built: none
+else
+ AUTH_OBJS="auth/lib`echo $AUTH_MODULES|sed -e 's% %.a auth/lib%g'`.a"
+ AUTH_LIBS="`echo $AUTH_OBJS|sed -e 's%auth/%%g'`"
+ echo "Auth scheme modules built: $AUTH_MODULES"
+fi

 BASIC_AUTH_HELPERS=""
 # Check whether --enable-auth-modules or --disable-auth-modules was given.

---------- Forwarded Message ----------

Subject: Authentication unconditionally built into 2.5S13
Date: Wednesday 15 March 2006 2:38 pm
From: Steve Snyder <swsnyder@insightbb.com>
To: squid-dev@squid-cache.org

I have no need for authentication and so I have no references to any auth
options in my 2.5S13 configuration. Despite this, library auth/libbasic.a
is always built and linked into the squid executable.

My configuration looks like this:

%configure \
   --exec_prefix=/usr \
   --bindir=%{_sbindir} \
   --libexecdir=%{_libdir}/squid \
   --localstatedir=/var \
   --sysconfdir=/etc/squid \
   --enable-removal-policies="heap,lru" \
   --enable-storeio="aufs,coss,diskd,null,ufs" \
   --enable-ssl \
   --with-openssl=/usr/kerberos \
   --enable-linux-netfilter \
   --with-pthreads \
  
 --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,
winbind_group" \ --enable-useragent-log \
   --enable-referer-log \
   --disable-dependency-tracking \
   --enable-cachemgr-hostname=localhost \
   --disable-ident-lookups \
   --datadir=%{_datadir} \
   --enable-err-languages=English

(The above was snipped from a RPM spec file, hence the %{variable}
references. I think you get the idea, though.)

This library is not just built. It is required to successfully link the
squid executable.

The root cause of this is the following in the configure script:

   if test -z "$AUTH_MODULES"; then
     AUTH_MODULES="basic"

If no authentication has been explicitly configured then AUTH_MODULES will
not have been set when we get down to here in the script. Effectively, no
authentication specifies basic authentication.

Adding the --disable-auth switch to the config command line fixes this
problem by avoiding those 2 lines above. Alas, it creates a new problem
as the auth/Makefile isn't smart enough to know that there is nothing to
do:

Making all in auth
make[3]: Entering directory
 `/home/rpmbuild/rpmbuild/BUILD/squid-2.5.STABLE13/src/auth' make[4]:
 Entering directory
 `/home/rpmbuild/rpmbuild/BUILD/squid-2.5.STABLE13/src/auth' make[4]: ***
 No rule to make target `lib.a', needed by `all-am'. Stop. make[4]:
 Leaving directory
 `/home/rpmbuild/rpmbuild/BUILD/squid-2.5.STABLE13/src/auth' make[3]: ***
 [all-recursive] Error 1

FYI.

-------------------------------------------------------
Received on Wed Mar 15 2006 - 13:15:32 MST