Re: [squid-users] NCSA and PAM Authentication Issue

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 5 Mar 2003 09:24:46 +0100

On Wednesday 05 March 2003 05.10, Siao Yuan Tan wrote:

> Problems
> --------
> 1. Everytime a browser popup ask for login, the first page of
> access is always denied and the log shown user NONE.
>
> 1046834575.375 1 192.168.1.19 TCP_DENIED/407 1365 GET
> http://www.yahoo.com/ - NONE/- -

This is normal (the log that is).

> After refreshing, it is OK.

I think you are experiencing a Microsoft high quality browser..

http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.12

> 2. How to make squid only ask for login once instead of every new
> browser windows or every new HTML outlook mail. This is very
> troublesome for user to login when they read a new HTML mail from
> outllok or open a new browser window.

This is a browser/client issue, nothing Squid can do about it.

> PAM authentication Issue
> ------------------------

> Problems
> ---------
> 1. This is very serious, because everytime it authenticate, the
> page will not load at all and refreshing also will not work.

Most likely your PAM helper installation is not correct.

If it works from the command line as root, but not from Squid the
following applies:

When using pam_unix.so (or any other PAM backend using /etc/shadow)
the squid_pam_auth helper needs to be installed set-user-id root, or
else it will not be allowed to read the password database..

This can be verified by trying to run the helper from the command line
as the user listed as cache_effective_user in squid.conf to more
closely simulate what happens when you run the helper from Squid.

Other PAM backends may have similar restrictions.

Regards
Henrik
Received on Wed Mar 05 2003 - 01:22:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:55 MST