Re: [squid-users] Problems with Authenticator

From: Udo Pokojski <[email protected]>
Date: Thu, 21 Oct 2004 10:52:23 +0200

>Yes it is asking and working.
>I have tried this in my Cache server for authentication type and it is
working
>there.
>
>> Cache Access Denied.
>> http://www.google.com/
>>
>
>It seems your http_access rule is not allowing to access cache there.

>
>> auth_param basic program /usr/src/null_auth
>
>Are you having the authenticator in this location with executable permission
>there?
>Try on command line as,
>/usr/src/null_auth
>test test
>OK
>OK
>......
>

On command line, the authenticator works.

>> auth_param basic children 20
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 1 minutes
>
>> acl password proxy_auth REQUIRED
>> http_access allow password
>
>It is correct.
>
>> Since I can find the "OK" in my cache.log, I assue that the authenticator
>> is used by squid. Why does the authencation fail?
>
>Are you using any more http_access rules there.? And did you reconfigure
>your running squid.? after making changes?

I restart squid after changig the configuration.

>Try to stop your squid and use, configuration as,
>
>auth_param basic program /usr/src/null_auth
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>auth_param basic casesensitive off
>
>acl password proxy_auth REQUIRED
>
>Go to the starting of # TAG: http_reply_access.
># http rule
>http_access allow auth
>http_access deny all
>
>Try now. Are you okie.
>

Now I end up in a timeout. After authenticating myself, the proxy is not
fetching the URL.
As a test I replaced in authenticator the string "OK" by "ERR". I expect
a "Cache access denied" error, I get no error. Regardless of the authenticator
one TCP_DENIED/407 is reported in access.log.

Squid seems to ignore the return value of the authenticator.

I am using this configuration:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic program /usr/sbin/null_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow password
http_access deny all
http_access deny !Safe_ports
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache/squid

When I am starting squid, I can find no errors in the cache.log:

proxy:/tmp # 2004/10/21 10:44:37| Starting Squid Cache version 2.5.STABLE3
for i686-pc-linux-gnu...
2004/10/21 10:44:37| Process ID 6574
2004/10/21 10:44:37| With 4096 file descriptors available
2004/10/21 10:44:37| DNS Socket created at 0.0.0.0, port 32771, FD 5
2004/10/21 10:44:37| Adding nameserver 192.168.12.3 from /etc/resolv.conf
2004/10/21 10:44:37| helperOpenServers: Starting 5 'null_auth' processes
2004/10/21 10:44:37| User-Agent logging is disabled.
2004/10/21 10:44:37| Referer logging is disabled.
2004/10/21 10:44:37| Unlinkd pipe opened on FD 15
2004/10/21 10:44:37| Swap maxSize 102400 KB, estimated 17066 objects
2004/10/21 10:44:37| Target number of buckets: 853
2004/10/21 10:44:37| Using 8192 Store buckets
2004/10/21 10:44:37| Max Mem size: 8192 KB
2004/10/21 10:44:37| Max Swap size: 102400 KB
2004/10/21 10:44:37| Local cache digest enabled; rebuild/rewrite every 3600/3600
sec
2004/10/21 10:44:37| Rebuilding storage in /var/cache/squid (CLEAN)
2004/10/21 10:44:37| Using Least Load store dir selection
2004/10/21 10:44:37| Set Current Directory to /var/cache/squid
2004/10/21 10:44:37| Loaded Icons.
2004/10/21 10:44:37| Accepting HTTP connections at 0.0.0.0, port 3128, FD
17.
2004/10/21 10:44:37| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2004/10/21 10:44:37| HTCP Disabled.
2004/10/21 10:44:37| Accepting SNMP messages on port 3401, FD 19.
2004/10/21 10:44:37| WCCP Disabled.
2004/10/21 10:44:37| Ready to serve requests.
2004/10/21 10:44:37| Done reading /var/cache/squid swaplog (24 entries)
2004/10/21 10:44:37| Finished rebuilding storage from disk.
2004/10/21 10:44:37| 24 Entries scanned
2004/10/21 10:44:37| 0 Invalid entries.
2004/10/21 10:44:37| 0 With invalid flags.
2004/10/21 10:44:37| 24 Objects loaded.
2004/10/21 10:44:37| 0 Objects expired.
2004/10/21 10:44:37| 0 Objects cancelled.
2004/10/21 10:44:37| 0 Duplicate URLs purged.
2004/10/21 10:44:37| 0 Swapfile clashes avoided.
2004/10/21 10:44:37| Took 0.3 seconds ( 91.1 objects/sec).
2004/10/21 10:44:37| Beginning Validation Procedure
2004/10/21 10:44:37| Completed Validation Procedure
2004/10/21 10:44:37| Validated 24 Entries
2004/10/21 10:44:37| store_swap_size = 236k
2004/10/21 10:44:38| storeLateRelease: released 0 objects

Regards,
   Udo Pokojski

________________________________________
http://www.epost.de - das Kommunikationsportal der Deutschen Post
Received on Thu Oct 21 2004 - 02:52:26 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST