[squid-users] Can not pass Squid basic authentication
Amos Jeffries
squid3 at treenet.co.nz
Fri Oct 9 01:54:27 UTC 2015
On 9/10/2015 3:50 a.m., birbird wrote:
> Hi All,
>
>
> I have setup basic authentication for Squid, but I can not get passed from browser, just asked to inpu user/password time and time again.
>
>
> I was stuck at, the command
> /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> dose not give any output. I think it means squid can not get the authentication info. But I have no idea what to do next.
>
Can you upgrade your Squid to something more current?
The helper has been called basic_ncsa_auth since Squid-3.2
>
> I create my password by
> htpasswd -d /etc/squid/squid_passwd dan
>
DES encoded passwords are highly insecure. Particularly if you are
trying to use more than 8 characters. Or any non-ASCII characters.
Current Squid NCSA helper rejects DES passwords greater than 8
characters since Squid-3.1.15.
>
> I also tried -m for htpasswd, it do generate different encrypted text, but still can not be recognized by /usr/lib64/squid/ncsa_auth.
>
You really need a newer Squid. MD5 support was added about Squid-2.6.
>
> My squid config is:
>
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_Ports
>
>
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> acl ncsa_users proxy_auth REQUIRED
>
> http_access allow ncsa_users
>
That looks fine. Assuming there are no http_access above it, nor other
access rules using authentication.
Amos
More information about the squid-users
mailing list