Configure an NCSA-style username and password authentication I am going to assume that squid is installed and working fine. Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization Step # 1: Create a username/password First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users. # htpasswd /etc/squid/passwd user1 Output: New password: Re-type new password: Adding password for user user1 Make sure squid can read passwd file: # chmod o+r /etc/squid/passwd Step # 2: Locate nsca_auth authentication helper Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command: # dpkg -L squid | grep nsca_auth Output: /usr/lib/squid/ncsa_auth If you are using RHEL/CentOS/Fedora Core or RPM based distro try: # rpm -ql squid | grep nsca_auth Output: /usr/lib/squid/ncsa_auth Step # 3: Configure nsca_auth for squid proxy authentication Now open /etc/squid/squid.conf file # vi /etc/squid/squid.conf Append (or modify) following configration directive: auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off
Also find out your ACL section and append/modify acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users Save and close the file. Where, auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location auth_param basic children 5 : The number of authenticator processes to spawn. auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours. auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated. Restart squid: # /etc/init.d/squid restart Dinish M. Ongcol, ECE Information Technology STEAG State Power Inc. Villanueva, Misamis Oriental Philippines ----- Original Message ---- From: Ray S. Rañoa <[EMAIL PROTECTED]> To: [email protected] Sent: Monday, February 25, 2008 7:29:58 PM Subject: [klug] Ask squid authentication config Hello, Ask lang unta ko how enable authentication on squid when you open the browser they ask username and password. for security reason. Salamat, Ray -----Inline Attachment Follows----- _________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://cdo.linux.org.ph) Searchable Archives: http://archives.free.net.ph ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
_________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://cdo.linux.org.ph) Searchable Archives: http://archives.free.net.ph
