[squid-users] Auth conf help
Amos Jeffries
squid3 at treenet.co.nz
Tue Apr 14 03:15:33 UTC 2015
On 14/04/2015 11:26 a.m., Balázs Szabados wrote:
> Hi,
>
> I'd like to ask your help regarding configuring authentication with Squid.
>
> My auth related conf:
>
> auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/passwd
Possile Problem #1:
digest_pw_auth has not existed in some years. The helpers correct
current name is digest_file_auth. Please upgrade.
> auth_param digest children 5
> auth_param digest realm squid
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 30 minutes
> auth_param digest nonce_max_count 50
> acl password proxy_auth REQUIRED
> http_access allow password
Possible Problem #2:
when wrong credentials are presented the "http_access allow password"
will NOT require new ones. It will just skip to the next line - which is
an implicit "deny all"
Use this instead:
http_access deny !password
http_access allow localnet
Possible Problem #3:
the client you are testing with may not support Digest authentication.
In the current Squid releases use "debug_options 11,2" in squid.conf to
get a cache.log trace of the HTTP headers the client is sending.
Amos
More information about the squid-users
mailing list