[squid-users] Re: bypass authenticate_ip_ttl_is_stric / DoS

From: <christian.schoeniger@dont-contact.us>
Date: Fri, 26 Apr 2002 14:41:12 +0200

Adrian Chadd schrieb:
>
> Hi,
>
> You sent this to squid-user@ instead of squid-users@ ..
>
> Try resending. :)
>
> Adrian

ooops... already wondered what happened to my mail :)

>
> On Fri, Apr 19, 2002, christian.schoeniger@fes-aes.de wrote:
> > hi again,
> >
> > there seems to be a bug with authenticate_ip_ttl_is_strict:
> > if a user tries to authenticate with his correct user/password
> > from a second ip everything is fine. access is denied.
> >
> > if the user enters a wrong password and re-enters the correct one,
> > access is granted.
> >
> > i'm using 2.4.stable6 with pam_auth via pam_smb_auth
> >
> > the problem seems to be that the valid user from the first ip is
> > removed from the list of previously validated users, if someone
> > enters a wrong password for this user from a second ip address.
> >

i solved my problem, but maybe this is also interesting for others.
function aclMatchProxyAuth() in acl.c handles the case when someone
tries to authenticate from a second ip address with an already validated
username and authenticate_ip_ttl_is_strict is set to on as a simple
password mismatch and removes the user from the list of already known and
valid users.

* $Id: acl.c,v 1.225.2.8 2001/08/21 05:55:47 wessels Exp $

i added some lines in acl.c and it works. maybe someone can check this?

pxy2 squid-2.4.STABLE6/src# diff -iw acl.original.c acl.c
1186a1187,1192
> if (Config.onoff.authenticateIpTTLStrict && (checklist->src_addr.s_addr != auth_user->ipaddr.s_addr)) {
> /* different ip addr, wrong password and authenticate_ip_ttl_is_strict on */
> debug(28, 4) ("aclMatchProxyAuth: user '%s' tries to use multple IP addresses and password mismatch\n",user);
> return 0;
> /* deny access, but don't remove user from hash */
> } else {
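Review bot: the comment `/* deny access, but don't remove user from hash */` is placed after `return 0;`, so it sits at an unreachable position and reads as dead code; move it above the `return 0;` where it explains the early exit. The debug string also misspells "multiple" as "multple". Because the diff was produced with `-iw` (ignoring case and whitespace), neither the indentation of the inserted block nor whether the new `} else {` correctly wraps the original user-removal code can be checked from this output; a `diff -u` without `-w` against the same file would show the surrounding lines and make the change reviewable.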
1195a1202
> }
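Review bot: this lone `}` is meant to close the `} else {` added at 1187-1192, but with no context lines it cannot be confirmed that it lands right after the original hash-removal code rather than closing some other block; please resend as a unified diff so the brace pairing is visible. If it does pair as intended, the original removal of the user from the hash runs only when the password mismatch comes from the same address, and a failed attempt from a second address now returns a deny without evicting the already-validated user, which is the DoS the subject line describes.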

-- 
-----===========================================================-----
Christian Schöniger, SYSADM,  FES GmbH - Fahrzeug-Entwicklung Sachsen
phone: +49 375 56 60 254 fax: +49 375 56 60 319 http://www.fes-aes.de
-----===========================================================-----
-----====> The probability of someone watching you is      <====-----
-----====> proportional to the stupidity of your action.   <====-----
-----===========================================================-----
Received on Fri Apr 26 2002 - 06:41:10 MDT