[squid-users] Can not pass Squid basic authentication

Amos Jeffries squid3 at treenet.co.nz
Fri Oct 9 01:54:27 UTC 2015


On 9/10/2015 3:50 a.m., birbird wrote:
> Hi All,
> 
> 
> I have setup basic authentication for Squid, but I can not get passed from browser, just asked to inpu user/password time and time again.
> 
> 
> I was stuck at, the command
> /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> dose not give any output. I think it means squid can not get the authentication info. But I have no idea what to do next.
> 

Can you upgrade your Squid to something more current?
The helper has been called basic_ncsa_auth since Squid-3.2


> 
> I create my password by
> htpasswd -d /etc/squid/squid_passwd dan
> 

DES encoded passwords are highly insecure. Particularly if you are
trying to use more than 8 characters. Or any non-ASCII characters.

Current Squid NCSA helper rejects DES passwords greater than 8
characters since Squid-3.1.15.


> 
> I also tried -m for htpasswd, it do generate different encrypted text, but still can not be recognized by /usr/lib64/squid/ncsa_auth.
> 

You really need a newer Squid. MD5 support was added about Squid-2.6.


> 
> My squid config is:
> 
> 
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_Ports
> 
> 
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> acl ncsa_users proxy_auth REQUIRED
> 
> http_access allow ncsa_users
> 

That looks fine. Assuming there are no http_access above it, nor other
access rules using authentication.

Amos


More information about the squid-users mailing list