problem with proxy_auth

From: Julio <[email protected]>
Date: Sat, 01 May 1999 21:50:24 -0300

I've written a simple perl script to act as an authenticate program:

---------- cut here ----------

#!/usr/bin/perl

LINE: while (<STDIN>) {

    chomp;
    @parameters = split / /;
    $givenUser = @parameters[0];
    $givenPasswd = @parameters[1];

    if ($givenUser eq "") {
        print "ERR\n";
        next LINE;
    }

    unless ($systemPasswd = (getpwnam $givenUser)[1]) {
        print "ERR\n";
        next LINE;
    }

    $salt = substr $systemPasswd, 0, 2;

    if (crypt($givenPasswd,$salt) eq $systemPasswd) { print "OK\n"; }
    else { print "ERR\n"; }

}

---------- cut here ----------

This program works as expected, and produces the same output as
ncsa_auth, but uses the system authentication scheme, bypassing NIS
configurations, for example.

So I've added the following entries in squid.conf:

authenticate_program /usr/local/sbin/check-auth-system.pl
acl extauth proxy_auth REQUIRED
acl localnet src 192.168.0.0/24
http_access allow localnet extauth
http_access deny all

So, when I try to access a URL through Squid, I receive an
authentication dialog box from the browser properly. However, when I
provide a valid user name/password pair (one that the script would
produce a "OK" output), or even if I provide an invalid user/password
pair, the browser hangs waiting for a reply from Squid that never comes.
I've debugged the script, and I'm sure Squid is calling it and that it's
returning the correct output, and that Squid maintains 5 processes with
the script running. Squid inserts TCP_DENIED messages (after I give up
waiting in the browser and stop the transfer) in the access.log file for
the URLs I try to access as:

925609751.027 623 192.168.0.4 TCP_DENIED/407 1555 GET
http://squid.nlanr.net/Squid/ 2 - NONE/- text/html

But if I just set:

http_access allow localnet

it works fine (but without authentication, of course). Any ideas why
this is happening?
I'd appreciate any help. Thanks in advance,

Julio
Received on Sat May 01 1999 - 18:29:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:12 MST