[squid-users] NCSA and PAM Authentication Issue

Tue, 04 Mar 2003 20:09:39 -0800 

Dear All,

I am new to squid authentication and following some example, but
encounter the following problems.  Any advise and help is very much
appreciated.

OS: Redhat 7.3
Squid Version: squid-2.4.STABLE6-6.7.3

NCSA Authentication Issue
-------------------------

Successfully done using htaceess password file.  Below is the config I
had in squid.conf

authenticate_program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd
authenticate_children 5
acl passwordauth proxy_auth REQUIRED
http_access allow passwordauth

Problems
--------
1. Everytime a browser popup ask for login, the first page of access is
always denied and the log shown user NONE.

1046834575.375      1 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ - NONE/- -

After refreshing, it is OK.
1046834582.128      1 192.168.1.19 TCP_HIT/200 2687 GET
http://us.a1.yimg.com/us.yimg.com/i/mntl/sh/03q1/dell_cpu_2.gif tansy
NONE/- image/gif
1046834586.070   6771 192.168.1.19 TCP_MISS/200 39476 GET
http://www.yahoo.com/ tansy DIRECT/66.218.71.91 text/html

After I click refresh or goto any other sites, it is fine.  How to solve
this first page not loading issue.

2. How to make squid only ask for login once instead of every new
browser windows or every new HTML outlook mail.  This is very
troublesome for user to login when they read a new HTML mail from
outllok or open a new browser window.

PAM authentication Issue
------------------------

Added the folliwng to /etc/pam.d/squid

auth    required        /lib/security/pam_unix.so
account required        /lib/security/pam_unix.so

Then use the following squid confing setting

authenticate_program /usr/lib/squid/pam_auth 
authenticate_children 5
acl passwordauth proxy_auth REQUIRED
http_access allow passwordauth

Problems
---------
1. This is very serious, because everytime it authenticate, the page
will not load at all and refreshing also will not work.

Squid log show the following:

1046832838.211      0 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ - NONE/- -
1046832864.413   2320 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -
1046832880.622   2481 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -
1046832892.985   2462 192.168.1.19 TCP_DENIED/407 1365 GET
http://www.yahoo.com/ tansy NONE/- -

----------------------------------------------------


Anyone has any idea, please let me know.

Thanks in advance.

Siao Tan

Reply via email to