RE: problem with proxy_auth

From: Jesus Redrado <jredrado@dont-contact.us>
Date: Mon, 3 May 1999 18:08:31 +0200

try

authenticate_program /usr/local/sbin/check-auth-system.pl
acl extauth proxy_auth REQUIRED
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access allow extauth
http_access deny all

----------
http_access allow uses "AND logic"

"http_access allow localnet extauth" means localnet AND extauth, and nobody
matches this rule.

Jesús Redrado
EduNet
jredrado@edunet.es

-----Original Message-----
From: Julio <julio@pobox.com>
To: squid-users@ircache.net <squid-users@ircache.net>
Date: Sunday, May 02, 1999 3:24 AM
Subject: problem with proxy_auth

>I've written a simple perl script to act as an authenticate program:
>
>---------- cut here ----------
>
>#!/usr/bin/perl
>
>LINE: while (<STDIN>) {
>
>    chomp;
>    # Each request line from Squid is "username password"
>    @parameters = split / /;
>    $givenUser = $parameters[0];
>    $givenPasswd = $parameters[1];
>
>    if ($givenUser eq "") {
>        print "ERR\n";
>        next LINE;
>    }
>
>    # Look up the stored password hash for the system account
>    unless ($systemPasswd = (getpwnam $givenUser)[1]) {
>        print "ERR\n";
>        next LINE;
>    }
>
>    # The first two characters of the stored hash are the crypt() salt
>    $salt = substr $systemPasswd, 0, 2;
>
>    if (crypt($givenPasswd,$salt) eq $systemPasswd) { print "OK\n"; }
>    else { print "ERR\n"; }
>
>}
>
>---------- cut here ----------
>
>This program works as expected, and produces the same output as
>ncsa_auth, but uses the system authentication scheme, bypassing NIS
>configurations, for example.
>
>So I've added the following entries in squid.conf:
>
>authenticate_program /usr/local/sbin/check-auth-system.pl
>acl extauth proxy_auth REQUIRED
>acl localnet src 192.168.0.0/24
>http_access allow localnet extauth
>http_access deny all
>
>So, when I try to access a URL through Squid, I receive an
>authentication dialog box from the browser properly. However, when I
>provide a valid user name/password pair (one that the script would
>produce an "OK" output), or even if I provide an invalid user/password
>pair, the browser hangs waiting for a reply from Squid that never comes.
>I've debugged the script, and I'm sure Squid is calling it and that it's
>returning the correct output, and that Squid maintains 5 processes with
>the script running. Squid inserts TCP_DENIED messages (after I give up
>waiting in the browser and stop the transfer) in the access.log file for
>the URLs I try to access as:
>
>925609751.027 623 192.168.0.4 TCP_DENIED/407 1555 GET http://squid.nlanr.net/Squid/ 2 - NONE/- text/html
>
>But if I just set:
>
>http_access allow localnet
>
>it works fine (but without authentication, of course). Any ideas why
>this is happening?
>I'd appreciate any help. Thanks in advance,
>
>Julio
>
Received on Mon May 03 1999 - 10:01:02 MDT
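
The two rule sets in this thread differ in who gets asked for a password. The following is an added example, not code from either message or from Squid: a simplified Python model of http_access evaluation applied to both. The `USERS` table, the `all` ACL definition, the function names and the client address 203.0.113.9 are assumptions made for the illustration.

```python
import ipaddress

# Simplified model of Squid http_access evaluation (assumption: only `src`
# and `proxy_auth REQUIRED` ACLs; USERS is a constructed credential table).
USERS = {"julio": "secret"}
ACLS = {
    "localnet": ("src", ipaddress.ip_network("192.168.0.0/24")),
    "extauth": ("proxy_auth", None),
    "all": ("src", ipaddress.ip_network("0.0.0.0/0")),  # assumed definition
}
ORIGINAL = """http_access allow localnet extauth
http_access deny all"""
SUGGESTED = """http_access allow localnet
http_access allow extauth
http_access deny all"""

def parse(conf):
    """Turn http_access lines into (action, [acl names]) tuples."""
    return [(p[1], p[2:]) for p in map(str.split, conf.splitlines())
            if p[:1] == ["http_access"]]

def match(acl, client_ip, creds):
    """Return True/False, or "challenge" when a valid login is missing."""
    kind, arg = ACLS[acl]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in arg
    if creds is not None and USERS.get(creds[0]) == creds[1]:
        return True
    return "challenge"

def http_access(conf, client_ip, creds=None):
    """First matching line wins; ACLs on one line are ANDed left to right."""
    for action, acls in parse(conf):
        for acl in acls:
            result = match(acl, client_ip, creds)
            if result == "challenge":
                return "407"      # browser is asked for credentials
            if not result:
                break             # line does not match, try the next one
        else:
            return action         # every ACL on the line matched
    return "deny"                 # not reached: both rule sets end in deny all

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        for ip in ("192.168.0.4", "203.0.113.9"):
            for creds in (None, ("julio", "secret")):
                print(name, ip, creds, "->", http_access(conf, ip, creds))
```

Under the suggested rules a localnet client is allowed before proxy_auth is consulted, so only clients outside 192.168.0.0/24 are asked to log in.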