Right. Here localusers is the acl to require passwords. What about the following:
>acl all src 0.0.0.0/0.0.0.0 >acl localnetwork proxy_auth 192.168.0.0/255.255.255.0 remove the proxy_auth here. The config file says that a list of usernames follows proxy_auth, unless using REQUIRED keyword. >acl localusers proxy_auth REQUIRED >http_access deny !localnetwork >http_access allow localusers insert all after allow so that it reads: http_access allow all localusers Ernest Johanson Systems Administrator Fuller Theological Seminary On Wed, 16 Jul 2003, Botha, Francois wrote: > Date: Wed, 16 Jul 2003 16:20:00 +0200 > From: "Botha, Francois" <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: RE: squid user_auth > > Hi, > > "password" is not a acl, I tried proxy_auth but still no go ): > > Regards, > FB > > > -----Original Message----- > > From: Ernest Johanson [mailto:[EMAIL PROTECTED] > > Sent: 15 July 2003 19:30 > > To: Botha, Francois > > Cc: Debian-User > > Subject: Re: squid user_auth > > > > > > Francois, > > > > Try adding the keyword "password" to the end of your > > http_access allow directives. > > > > > > Ernest Johanson > > Systems Administrator > > Fuller Theological Seminary > > > > > > On Tue, 15 Jul 2003, Botha, Francois wrote: > > > > > Date: Tue, 15 Jul 2003 14:02:59 +0200 > > > From: "Botha, Francois" <[EMAIL PROTECTED]> > > > To: Debian-User <[EMAIL PROTECTED]> > > > Subject: squid user_auth > > > > > > Hi, > > > > > > I'm playing with squid-2.4.6-2 on a 3.0/stable machine and > > am having > > > problems with the user authentication bit. My > > authentication side of > > > the httpd.conf has: > > > > > > -- snip -- > > > acl all src 0.0.0.0/0.0.0.0 > > > acl localnetwork proxy_auth 192.168.0.0/255.255.255.0 > > > acl localusers proxy_auth REQUIRED > > > http_access deny !localnetwork > > > http_access allow localusers > > > http_access allow localnetwork > > > http_access deny all > > > proxy_auth_realm Squid proxy-caching web server > > authenticate_program > > > /usr/lib/squid/ncsa_auth /etc/passwd.squid #authenticate_program > > > /usr/lib/squid/pam_auth #authenticate_program /tmp/test.sh > > > -- /snip -- > > > > > > My squid dialog box pops up asking for username and > > password, I fill > > > this in (using ncsa_auth with /etc/passwd.squid with htpasswd -d > > > generated > > > passwords) and the box just pops up again, nothing in any > > logs regarding > > > this. > > > When I use ncsa_auth from the commandline with "username > > password" i get the > > > OK so all is well there. > > > > > > I've tried the same with pam_auth, and it also just pops up > > again in > > > the browser as-if my password is wrong, yet again - if I > > run it from > > > the commandline, it's happy. > > > > > > And yes, I have checked permissions of the /etc/passwd.squid, it is > > > only readable to the squid user (proxy), I've tried > > changing this to > > > a+rw out of desperateness but it's still acting the same way (: > > > > > > I've also made a simple shell script in /tmp which prints > > $@ for me to > > > another file, squid executes this but passes nothing as a argument, > > > i've put a 'read' line in the script and passed that towards a file > > > aswell and also got nothing?! > > > > > > -- snip -- > > > #!/bin/bash > > > # > > > > > > while true ; do > > > echo I was passed $@ > /tmp/test.out > > > read vars > > > echo I was also passed $vars >> /tmp/test.out > > > echo OK > > > done > > > -- /snip -- > > > > > > Output: > > > > > > -- snip -- > > > I was passed > > > -- /snip -- > > > > > > So, it does not get to filling in the read line bit?! > > > > > > I've searched all I could online and the only real problem is with > > > permissions of the passwd file - which I know is not a > > problem. Does > > > anybody have any ideas? > > > > > > Thanks, > > > Francois Botha > > > > > > Snr. Systems Engineer > > > e-mail: [EMAIL PROTECTED] > > > http://www.thawte.com > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
