[squid-users] NCSA and PAM Authentication Issue from Siao Yuan Tan on 2003-03-04 (squid-users)

From: Siao Yuan Tan <sy.tan@dont-contact.us>
Date: Wed, 5 Mar 2003 12:10:42 +0800

Dear All,

I am new to squid authentication and following some example, but
encounter the following problems. Any advise and help is very much
appreciated.

OS: Redhat 7.3
Squid Version: squid-2.4.STABLE6-6.7.3

NCSA Authentication Issue
-------------------------

Successfully done using htaceess password file. Below is the config I
had in squid.conf

authenticate_program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd
authenticate_children 5
acl passwordauth proxy_auth REQUIRED
http_access allow passwordauth

Problems
--------
1. Everytime a browser popup ask for login, the first page of access is
always denied and the log shown user NONE.

1046834575.375 1 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ - NONE/- -

After refreshing, it is OK.
1046834582.128 1 192.168.1.19 TCP_HIT/200 2687 GET
http://us.a1.yimg.com/us.yimg.com/i/mntl/sh/03q1/dell_cpu_2.gif tansy
NONE/- image/gif
1046834586.070 6771 192.168.1.19 TCP_MISS/200 39476 GET
http://www.yahoo.com/ tansy DIRECT/66.218.71.91 text/html

After I click refresh or goto any other sites, it is fine. How to solve
this first page not loading issue.

2. How to make squid only ask for login once instead of every new
browser windows or every new HTML outlook mail. This is very
troublesome for user to login when they read a new HTML mail from
outllok or open a new browser window.

PAM authentication Issue
------------------------

Added the folliwng to /etc/pam.d/squid

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

Then use the following squid confing setting

authenticate_program /usr/lib/squid/pam_auth
authenticate_children 5
acl passwordauth proxy_auth REQUIRED
http_access allow passwordauth

Problems
---------
1. This is very serious, because everytime it authenticate, the page
will not load at all and refreshing also will not work.

Squid log show the following:

1046832838.211 0 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ - NONE/- -
1046832864.413 2320 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -
1046832880.622 2481 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -
1046832892.985 2462 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -

----------------------------------------------------

Anyone has any idea, please let me know.

Thanks in advance.

Siao Tan
Received on Tue Mar 04 2003 - 21:10:46 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:55 MST