Re: [SQU] ncsa_auth problem

From: Marc van Selm <marc.van.selm@dont-contact.us>
Date: Mon, 25 Sep 2000 09:02:02 +0200

At 04:33 PM 9/22/00 +0545, pjoshi@parijat.info.com.np wrote:
>Hi,
>
>Sorry if this has been answered before, but honestly couldn't find what I
>was looking for in the archive.
>
>I am using ncsa_authentication and have got
>
>authenticate_program /usr/local/squid/bin/ncsa_auth /etc/shadow &
>authenticate_children 5
>
>in squid.conf file.
>
>Now with the command,
>/usr/local/squid/bin/ncsa_auth /etc/shadow
>username password
> gives Ok.

I guess when you tried this you were root (or had similar access rights) and
the proxy uses (should use) nobody or something similar with minimal
access. The shadow file ought to be protected so that only root can read it,
while the password file has all the public stuff (that is the whole point of
the shadow file).

So as soon as squid starts using the ncsa_auth the OS gives it access
denied. You can make your ncsa_auth SUID but I'd modify it to deny access
to system accounts to prevent it from brute force root-password guessing...

Marc

>But from the browser when I try to use proxy with the same username and
>password, it gives "Proxy Authentication Failure" and after 4 attempts log
>file says "Too few authenticator processes are running" and squid
>restarts.
>
>What am I doing wrong?
>
>Prakash.
>
>--
>To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
Tel: +31 70 3142454
E-mail: marc.van.selm@nc3a.nato.int (PGP capable)
Tactical ATM: +31 70 3148183 / 71183
--------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm

Received on Mon Sep 25 2000 - 01:06:22 MDT
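
Added example, not part of the original thread and not Squid's ncsa_auth code: a sketch of the restriction suggested in the reply, where a basic-auth helper answering "username password" lines with OK or ERR refuses system accounts before any password check runs. The UID bounds, the sample passwd data, the function names and the `demo_verify` stand-in are assumptions made for illustration.

```python
import hmac
import sys
from urllib.parse import unquote

# Constructed passwd(5)-format sample standing in for /etc/passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
prakash:x:1001:1001::/home/prakash:/bin/sh
"""

MIN_UID = 1000   # assumption: ordinary users start here
MAX_UID = 60000  # assumption: excludes "nobody"-style accounts


def allowed_users(passwd_text, min_uid=MIN_UID, max_uid=MAX_UID):
    """Return the set of ordinary (non-system) account names."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            if min_uid <= int(fields[2]) <= max_uid:
                users.add(fields[0])
    return users


def handle_line(line, allowed, verify):
    """Answer one 'username password' request with OK or ERR."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    # Squid passes both fields URL-encoded to the helper.
    user, password = unquote(parts[0]), unquote(parts[1])
    # Deny root and other system accounts before any password check runs,
    # so the proxy login cannot be used to guess their passwords.
    if user not in allowed:
        return "ERR"
    return "OK" if verify(user, password) else "ERR"


def demo_verify(user, password):
    """Constructed stand-in for the real password check."""
    known = {"prakash": "s3cret", "root": "toor"}
    return hmac.compare_digest(known.get(user, "").encode(), password.encode())


if __name__ == "__main__":
    allowed = allowed_users(SAMPLE_PASSWD)
    for request in sys.stdin:
        print(handle_line(request, allowed, demo_verify), flush=True)
```

The allow-list is built from passwd-format data, which is world-readable, so this part of the check needs no extra privilege; only the `verify` step would need access to the hashes.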