[squid-users] PAM does not work properly

From: Michael Gens <[email protected]>
Date: Tue, 19 Nov 2002 14:03:01 +0100

Hello:

I am using squid and squid guard from a SuSE Linux 8.1 Distribution.

I told squid to use PAM as authentication mechanism.

My configuration is a router as dial-on-demand gateway for a private
network. On this router squid and squid guard are installed.

Every time an URL outside this private net is called a popup window
appears and asks for the username and appropriate password. After that
nothing more happens without a timeout.

In the access log I always find entries like that one:

1037533477.803 24 <my IP> TCP_DENIED/407 1362 GET
http://www.nasa.gov/ - NONE/- -

Someone told me "407" means Proxy Authentication required". And this
message points toward a PAM configuration promblem.

This I am not able to realize, because there was an authentication
process at the beginning of calling the URL.

In /etc/squid/squid.conf I set:

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /squid/cache 3000 16 256
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
redirect_program /usr/sbin/squidGuard
redirect_children 5
negative_ttl 5 seconds
acl checkpw proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access allow checkpw all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cache_mgr root

What is wrong with that?

Any help appreciate!

Thank you in advance.

-- 
Rgds.
             _ #          Michael                        # _
Received on Thu Nov 21 2002 - 09:24:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:20 MST