Re: problem with proxy_auth

From: Dancer <dancer@dont-contact.us>
Date: Sun, 02 May 1999 11:23:36 +1000

Julio wrote:
>
> I've written a simple perl script to act as an authenticate program:
>
> ---------- cut here ----------
>
> #!/usr/bin/perl

$|=1; # Flush STDOUT after every write, otherwise Squid will hang
      # waiting for responses.
>
> LINE: while (<STDIN>) {
>
> chomp;
> @parameters = split / /;
> $givenUser = $parameters[0];
> $givenPasswd = $parameters[1];
>
> if ($givenUser eq "") {
> print "ERR\n";
> next LINE;
> }
>
> unless ($systemPasswd = (getpwnam $givenUser)[1]) {
> print "ERR\n";
> next LINE;
> }
>
> $salt = substr $systemPasswd, 0, 2;
>
> if (crypt($givenPasswd,$salt) eq $systemPasswd) { print "OK\n"; }
> else { print "ERR\n"; }
>
> }
>
> ---------- cut here ----------
>
> This program works as expected, and produces the same output as
> ncsa_auth, but uses the system authentication scheme, bypassing NIS
> configurations, for example.
>
> So I've added the following entries in squid.conf:
>
> authenticate_program /usr/local/sbin/check-auth-system.pl
> acl extauth proxy_auth REQUIRED
> acl localnet src 192.168.0.0/24
> http_access allow localnet extauth
> http_access deny all
>
> So, when I try to access a URL through Squid, I receive an
> authentication dialog box from the browser properly. However, when I
> provide a valid user name/password pair (one that the script would
> produce a "OK" output), or even if I provide an invalid user/password
> pair, the browser hangs waiting for a reply from Squid that never comes.
> I've debugged the script, and I'm sure Squid is calling it and that it's
> returning the correct output, and that Squid maintains 5 processes with
> the script running. Squid inserts TCP_DENIED messages (after I give up
> waiting in the browser and stop the transfer) in the access.log file for
> the URLs I try to access as:
>
> 925609751.027 623 192.168.0.4 TCP_DENIED/407 1555 GET
> http://squid.nlanr.net/Squid/ 2 - NONE/- text/html
>
> But if I just set:
>
> http_access allow localnet
>
> it works fine (but without authentication, of course). Any ideas why
> this is happening?
> I'd appreciate any help. Thanks in advance,
>
> Julio
Received on Sat May 01 1999 - 19:10:39 MDT
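
The buffering failure described in the reply can be reproduced without Squid. The following is an added example, not code from the original thread: a Python harness plays Squid's side of the helper protocol against two Python stand-ins for the Perl script, one that leaves replies in its stdout buffer and one that flushes after every write. The names `ask` and `compare`, the POSIX `select` call and the constructed credential table (used in place of getpwnam/crypt) are assumptions of this example.

```python
import os
import select
import subprocess
import sys

# Constructed stand-in for the helper: same line protocol as the Perl script
# ("user password" in, "OK" or "ERR" out, one reply per request line).
HELPER = r'''
import sys
USERS = {"julio": "s3cret"}   # constructed credential, replaces getpwnam/crypt
for line in sys.stdin:
    user, _, passwd = line.rstrip("\n").partition(" ")
    ok = bool(user) and USERS.get(user) == passwd
    print("OK" if ok else "ERR", flush=FLUSH)
'''
BUFFERED = HELPER.replace("FLUSH", "False")  # like the script without $|=1
FLUSHED = HELPER.replace("FLUSH", "True")    # like the script with $|=1

def ask(helper_src, request, timeout=3.0):
    """Send one request the way Squid does (pipes stay open, the helper keeps
    running) and return its reply, or None if nothing arrives in time."""
    # Drop PYTHONUNBUFFERED so the child uses normal block buffering on a pipe.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    proc = subprocess.Popen([sys.executable, "-c", helper_src], env=env,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    try:
        proc.stdin.write(request.encode() + b"\n")
        proc.stdin.flush()
        ready, _, _ = select.select([proc.stdout], [], [], timeout)
        if not ready:
            return None       # reply is still sitting in the helper's buffer
        return proc.stdout.readline().decode().strip()
    finally:
        proc.kill()
        proc.wait()

def compare(request):
    """Return (reply from buffered helper, reply from flushing helper)."""
    return ask(BUFFERED, request), ask(FLUSHED, request)

if __name__ == "__main__":
    print(compare("julio s3cret"))
    print(compare("julio wrong"))
```

Run by hand at a terminal, both helpers appear to work because stdout to a tty is line-buffered; the difference only shows when stdout is a pipe, as it is under Squid.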
