Hi,
I am having trouble with the Proxy Authentication in Squid.
In my squid.conf I wrote:
authenticate_program /usr/sbin/pam_auth
authenticate_ttl 60 seconds
acl all src 0.0.0.0/0.0.0.0
acl checkpw proxy_auth REQUIRED
http_access allow checkpw all
http_access deny all
and I expected, that Squid would return a HTTP reply with status
'Proxy Authentication Required' again after 60 seconds.
But Squid used the known authentication header and
accept the request (see cache.log).
What's wrong? It is possible to use Squid in this way?
Thanks
2002/07/18 16:06:42| aclCheckFast: list: 0x8229cb8
2002/07/18 16:06:42| aclMatchAclList: checking all
2002/07/18 16:06:42| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2002/07/18 16:06:42| aclMatchIp: '194.95.80.15' found
2002/07/18 16:06:42| aclMatchAclList: returning 1
2002/07/18 16:06:42| aclCheck: checking 'http_access allow checkpw all'
2002/07/18 16:06:42| aclMatchAclList: checking checkpw
2002/07/18 16:06:42| aclMatchAcl: checking 'acl checkpw proxy_auth REQUIRED'
2002/07/18 16:06:42| aclMatchAclList: returning 0
2002/07/18 16:06:42| aclCheck: match found, returning 2
2002/07/18 16:06:42| aclCheckCallback: answer=2
2002/07/18 16:06:42| The request GET http://www.fh-frankfurt.de/ is DENIED,
because it matched 'checkpw'
2002/07/18 16:06:53| aclCheckFast: list: 0x8229cb8
2002/07/18 16:06:53| aclMatchAclList: checking all
2002/07/18 16:06:53| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2002/07/18 16:06:53| aclMatchIp: '194.95.80.15' found
2002/07/18 16:06:53| aclMatchAclList: returning 1
2002/07/18 16:06:53| aclCheck: checking 'http_access allow checkpw all'
2002/07/18 16:06:53| aclMatchAclList: checking checkpw
2002/07/18 16:06:53| aclMatchAcl: checking 'acl checkpw proxy_auth REQUIRED'
2002/07/18 16:06:53| aclDecodeProxyAuth: header = 'Basic dGVzdDp0ZXN0'
2002/07/18 16:06:53| aclDecodeProxyAuth: cleartext = 'test:test'
2002/07/18 16:06:53| aclMatchProxyAuth: checking user 'test'
2002/07/18 16:06:53| aclMatchProxyAuth: user 'test' not yet known
2002/07/18 16:06:53| aclMatchAclList: returning 0
2002/07/18 16:06:53| aclCheck: checking password via authenticator
2002/07/18 16:06:53| aclDecodeProxyAuth: header = 'Basic dGVzdDp0ZXN0'
2002/07/18 16:06:53| aclDecodeProxyAuth: cleartext = 'test:test'
2002/07/18 16:06:53| aclLookupProxyAuthStart: going to ask authenticator on
test
2002/07/18 16:06:53| aclLookupProxyAuthDone: result = OK
....
next request:
....
2002/07/18 16:08:30| aclCheck: checking 'http_access allow checkpw all'
2002/07/18 16:08:30| aclMatchAclList: checking checkpw
2002/07/18 16:08:30| aclMatchAcl: checking 'acl checkpw proxy_auth REQUIRED'
2002/07/18 16:08:30| aclDecodeProxyAuth: header = 'Basic dGVzdDp0ZXN0'
2002/07/18 16:08:30| aclDecodeProxyAuth: cleartext = 'test:test'
2002/07/18 16:08:30| aclMatchProxyAuth: checking user 'test'
2002/07/18 16:08:30| aclMatchProxyAuth: user 'test' password mismatch/timeout
(!!)
2002/07/18 16:08:30| aclMatchAclList: returning 0
2002/07/18 16:08:30| aclCheck: checking password via authenticator
2002/07/18 16:08:30| aclDecodeProxyAuth: header = 'Basic dGVzdDp0ZXN0'
2002/07/18 16:08:30| aclDecodeProxyAuth: cleartext = 'test:test'
2002/07/18 16:08:30| aclLookupProxyAuthStart: going to ask authenticator on
test
2002/07/18 16:08:30| aclLookupProxyAuthDone: result = OK
2002/07/18 16:08:30| aclCheck: checking 'http_access allow checkpw all'
2002/07/18 16:08:30| aclMatchAclList: checking checkpw
2002/07/18 16:08:30| aclMatchAcl: checking 'acl checkpw proxy_auth REQUIRED'
2002/07/18 16:08:30| aclDecodeProxyAuth: header = 'Basic dGVzdDp0ZXN0'
2002/07/18 16:08:30| aclDecodeProxyAuth: cleartext = 'test:test'
2002/07/18 16:08:30| aclMatchProxyAuth: checking user 'test'
2002/07/18 16:08:30| aclMatchProxyAuth: user 'test' validated OK
2002/07/18 16:08:30| aclMatchProxyAuth: user 'test' previously validated
-- +---------------------------------------------------------------------+ | | | Aki Hockerts | | FH-Frankfurt am Main | | Abt. Datenverarbeitung Tel.: 069 / 1533-2489 | | FAX : 069 / 1533-62489 | | Kleiststr. 31 (Gebaeude 9) Mail: hockerts@dv.fh-frankfurt.de | | 60318 Frankfurt am Main HTTP: www.fh-frankfurt.de/wwwdv | | | +---------------------------------------------------------------------+Received on Fri Jul 19 2002 - 01:50:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:18 MST