Package: squid Version: 4.4-1 Severity: normal Dear Maintainer,
I was configuring basic_ncsa_auth authentication in squid and could not get it to work. Eventually I decided to check input of basic_ncsa_auth and replaced it with custom script: #!/bin/bash cat $@ > /tmp/args cat > /tmp/stdin After output examination, I learned that squid converts all characters to lowercase. In my case, login had uppercase characters in it. So call to basic_ncsa_auth never succeeded. In my opinion either squid should not convert characters to lowercase, or it should be clearly stated somewhere that uppercase characters are not allowed. tldr: basic_ncsa_auth option does not support usernames with uppercase characters. -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.12-custom (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages squid depends on: ii adduser 3.118 ii libc6 2.28-5 ii libcap2 1:2.25-1.2 ii libcom-err2 1.44.5-1 ii libdb5.3 5.3.28+dfsg1-0.2 ii libdbi-perl 1.642-1+b1 ii libecap3 1.0.1-3.2 ii libexpat1 2.2.6-1 ii libgcc1 1:8.2.0-14 ii libgnutls30 3.6.5-2 ii libgssapi-krb5-2 1.16.2-1 ii libkrb5-3 1.16.2-1 ii libldap-2.4-2 2.4.47+dfsg-2 ii libltdl7 2.4.6-6 ii libnetfilter-conntrack3 1.0.7-1 ii libnettle6 3.4.1~rc1-1 ii libpam0g 1.1.8-4 ii libsasl2-2 2.1.27~rc8-1 ii libstdc++6 8.2.0-14 ii libxml2 2.9.4+dfsg1-7+b3 ii logrotate 3.14.0-4 ii lsb-base 10.2018112800 ii netbase 5.5 ii squid-common 4.4-1 Versions of packages squid recommends: ii ca-certificates 20180409 ii libcap2-bin 1:2.25-1.2 Versions of packages squid suggests: pn resolvconf <none> ii smbclient 2:4.9.4+dfsg-1 pn squid-cgi <none> pn squid-purge <none> pn squidclient <none> ii ufw 0.36-1 pn winbindd <none> -- Configuration Files: /etc/squid/squid.conf changed: acl localnet src 192.168.1.0/24 # RFC 1918 local private network (LAN) acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic children 10 startup=0 idle=1 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 6 hours acl password proxy_auth REQUIRED http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager include /etc/squid/conf.d/* http_access allow password http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 -- no debconf information