On Mon, 21 Jan 2019 18:12:37 +0300 "Matsievskiy S.V." wrote: > > After output examination, I learned that squid converts all characters to > lowercase. > In my case, login had uppercase characters in it. So call to basic_ncsa_auth > never succeeded. > > In my opinion either squid should not convert characters to lowercase, or it > should be clearly stated somewhere that uppercase characters are not allowed. >
Due to the security vulnerabilities and issues inherent in allowing case-sensitive usernames most auth systems operate case-insensitively. The Squid default is tuned to match those most commonly encountered environment(s) behaviour. (You may find it useful to look up what those security problems are and consider carefully why so many others prohibit mixed-case accounts.) The "casesensitive" parameter for auth_param is provided for this use-case and is already documented under "Basic authentication parameters". See <http://www.squid-cache.org/Doc/config/auth_param/>. FYI: For ease of testing there are "fake" helper(s) provided for most Squid helper directives - which only return OK (or equivalent) to Squid. All official helpers should also provide a "-d" command line option which delivers their debugging information to cache.log. I mention this because that bash script does not perform any of the Squid helper protocol. Which must have been a pain to test against. For example; I replicated the reported behaviour using just this: auth_param basic program /usr/lib/squid/basic_fake_auth -d HTH Amos
