Re: [squid-users] Problem in access to cache manager

thanks Amos i set "cachemgr_passwd none all", even if i remove user and password for cache manager, it doesn't work yet with authenticatin! i searched in bugzilla and didn't find any bug about this problem. On Wednesday, December 25, 2013 1:55 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote: On 24/12/2013 9:35 p.m., ana any wrote: > > > Greeting, > > I installed squid 3.3.9 on debian, but I don't have access to cache manager with authentication :( > If I remove "http_access allow authenticated" line, then I have access. > > Here is a part of my config: > > cache_mgr admin_at_example.com > cachemgr_passwd MYPASS all > > auth_param digest program /usr/local/squid/libexec/digest_file_auth -c /home/passwd.htdigest >  auth_param digest children 5 >  auth_param digest realm ProxyServer >  auth_param digest nonce_garbage_interval 5 minutes >  auth_param digest > nonce_max_duration 30 minutes >  auth_param digest nonce_max_count 50 > acl authenticated proxy_auth REQUIRED > http_access allow authenticated > > What's wrong with it?! > Any helps would be appreciated. > What should be happening is one of: * forward-proxy ports: - your proxy challenges for proxy-auth credentials using Digest and uses your helper to validate those Digest credentials. - when those are presented and accepted, - the cachemgr challenges for www-auth using Basic and uses your cachemgr_passwd settings to validate these Basic credentials. * reverse-proxy ports: - your proxy challenges for www-auth credentials using Digest and uses your helper to validate those Digest credentials. - when those are presented and accepted, - the cachemgr attempts to locate www-auth Basic credentials an fails.   (If you were authenticating with Basic for the proxy and the users password matched cachemgr_passwd this might go through as above). * transparent intercept ports - your proxy ignores the request and passes it on to the server upstream. How does the HTTP traffic you are seeing match up with that description? Alternatively could you be hitting one of the bugs which appear to be in Squid Digest implementation? there are a few which result in erroneous rejections. As a workaround you could set "cachemgr_passwd none all" and rely on the Digest authentication and "manager" ACL to filter people who are logged in whether they can access the cachemgr or not. Amos
Received on Thu Dec 26 2013 - 13:34:45 MST