[squid-users] Strange authentication problem from Jürgen Obermeyer on 2013-11-01 (squid-users)

From: Jürgen Obermeyer <admin_at_oegym.de>
Date: Fri, 01 Nov 2013 14:34:44 +0100

I am using Squid 2.7 on a Debian box for several years without any
problem. Without changing the configuration (only doing the necessary
system updates), the user authentication is not longer working as
expected. I activated two authentication schemes (squid_kerb_auth and
pam_auth). While Kerberos authentication is working fine on our Linux
boxes, PAM
authentication sometimes failes. Here are some logfile entries from the
cache.log file:

*** BEGIN ***

2013/11/01 08:20:31| aclCheck: checking 'http_access allow password'
2013/11/01 08:20:31| aclMatchAclList: checking password
2013/11/01 08:20:31| aclMatchAcl: checking 'acl password proxy_auth
REQUIRED'
2013/11/01 08:20:31| authenticateValidateUser: Validating Auth_user
request '(nil)'.
2013/11/01 08:20:31| authenticateValidateUser: Auth_user_request was NULL!
2013/11/01 08:20:31| authenticateAuthenticate: broken auth or no
proxy_auth header. Requesting auth header.
2013/11/01 08:20:31| aclAuthenticated: returning 0 sending
authentication challenge.
2013/11/01 08:20:31| aclMatchAclList: no match, returning 0
2013/11/01 08:20:31| aclCheck: requiring Proxy Auth header.
2013/11/01 08:20:31| aclCheck: match found, returning 2
2013/11/01 08:20:31| cbdataUnlock: 0xba583c00
2013/11/01 08:20:31| aclCheckCallback: answer=2
2013/11/01 08:20:31| cbdataValid: 0xb5002098
2013/11/01 08:20:31| The request GET http://www.spiegel.de/ is DENIED,
because it matched 'password'
2013/11/01 08:20:31| Access Denied: http://www.spiegel.de/
2013/11/01 08:20:31| AclMatchedName = password
2013/11/01 08:20:31| Proxy Auth Message = <null>

*** END ***

If I understand well, no authentication data is delivered and so the
browser pops up an authentication dialogue. If the user enters his data,
the dialogue appears again and again without showing the requested web
page. If one clicks on the cancel button, the requested web page appears
sometimes.

Let's take my own MacBook as example: the proxy AND the authentication
data are stored in the network configuration settings. So, Safari has
never to ask for this data, but since some days, I am not able to see
any web page.

Most of our Windows boxes using pam_auth are working fine; the problem
appears only rarely.

Can you help, please? Thanks in advance!

Juergen
Received on Fri Nov 01 2013 - 13:34:50 MDT

This archive was generated by hypermail 2.2.0 : Fri Nov 01 2013 - 12:00:07 MDT