John Heyer wrote:
>
> I recently upgraded to STABLE4, and it seems Squid isn't working correctly
> with auth modules. On one system, ncsa_auth works fine from the command
> line:
>
> dragon# ./ncsa_auth /var/www/htpasswd/passwd
> baduser badpass
> ERR
> gooduser badpass
> ERR
> gooduser goodpass
> OK
>
> But when I set Squid as my proxy server, it retries until I enter a valid
> username/password, then *denies* me. We're using smb_auth on another
> system and are having the same problem. Did something change in
> squid.conf? Mine basically looks like
>
> authenticate_program /usr/local/squid/bin/ncsa_auth /var/www/htpasswd/passwd
> ..
> acl passauth proxy_auth 300
> ..
> http_access allow passauth
> http_access deny all
>
> --
> "Your illogical approach ... does have its advantages."
> -- Spock, after being Checkmated by Kirk
You have to do an allow (eg: allow all) after the 'allow passauth'. In
effect, a proxy_auth ACL is like a checkpoint. All it says is "You must
have a valid username or password to pass beyond this point".
In this case, the next point is 'deny all'.
Yes, the semantics of a proxy_auth allow acl are different from regular
acls.
D
Received on Wed Jul 21 1999 - 15:47:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:28 MST