[squid-users] Authentication related query
Hi All, The squid is configured to use pam_auth as a basic auth helper and the cache is disabled.For every url request a popup window appears asking for user name and password. Is there a way to avoid this from happening for every request?The requirement is as follows :- The first time a request comes from a particular IP , the login page should be popped up.But for some defined time interval , any requests coming from the same IP should not be asked to login. I tried setting the credentialsttl option in the squid.conf file but it doesn't serve the purpose.I think we need the IP and the current time when the first time successful authentication happens for that IP to be mapped and saved in the user cache.Each time a request comes in this mapping will have to be compared with the allowed time period and only if the time has exceeded the the user should be prompted to relogin. Kindly tell me how to do this. Regards and TIA, Deepa Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
Re: [squid-users] Authentication related query
On Fri, 19 Sep 2003, Deepa D wrote: > The squid is configured to use pam_auth as a basic > auth helper and the cache is disabled. For every url > request a popup window appears asking for user name > and password. Are you attemting to set up authentication in a transparently intercepting proxy? This is not possible to do due to the nature of intercepting port 80. To use authentication you MUST have the browser configured to use the proxy. Regards Henrik
Re: [squid-users] Authentication related query
Hi, No,the browser is configured to use the proxy. Regards and TIA, Deepa --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > On Fri, 19 Sep 2003, Deepa D wrote: > > > The squid is configured to use pam_auth as a > basic > > auth helper and the cache is disabled. For every > url > > request a popup window appears asking for user > name > > and password. > > Are you attemting to set up authentication in a > transparently intercepting > proxy? This is not possible to do due to the nature > of intercepting port > 80. > > To use authentication you MUST have the browser > configured to use the > proxy. > > Regards > Henrik > Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
RE: [squid-users] Authentication related query
> No,the browser is configured to use the proxy. Then the problem could be with your browser. Squid requires the browser to send the authentication credentials for every request made. It is the browser alone that controls when and how to get the authentication info from the user. Post your squid.conf so we can make sure nothing's wrong there - be sure to remove any blank lines or comments. Adam
Re: [squid-users] Authentication related query
On Fri, 19 Sep 2003, Deepa D wrote: > No,the browser is configured to use the proxy. Then I do not know what the cause may be... have you tried with another browser? Regards Henrik
RE: [squid-users] Authentication related query
Hi, Thanks for the response.I am herewith pasting the squid.conf for ur perusal. http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY acl all src 0/0 no_cache deny all cache_dir null /usr/local/squid/var/ # The below options are for redirect #debug_options ALL,1 61,9 33,5 redirect_program /usr/local/ContentFilter/filter redirect_children 5 auth_param basic program /usr/local/squid/sbin/pam_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 10 minutes authenticate_ttl 10 minutes authenticate_ip_ttl 10 minutes refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl authenticated proxy_auth REQUIRED acl servers dst 10.10.10.47 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow servers http_access allow authenticated http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_reply_access allow all icp_access allow all coredump_dir /usr/local/squid/var/cache redirector_bypass off Kindly tell me if there is any problem in the conf. Regards and TIA, Deepa --- Adam Aube <[EMAIL PROTECTED]> wrote: > > No,the browser is configured to use the proxy. > > Then the problem could be with your browser. Squid > requires the > browser to send the authentication credentials for > every request made. > It is the browser alone that controls when and how > to get the > authentication info from the user. > > Post your squid.conf so we can make sure nothing's > wrong there - be > sure to remove any blank lines or comments. > > Adam > Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com
Re: [squid-users] Authentication related query
>Thanks for the response.I am herewith pasting the > squid.conf for ur perusal. As far as I can tell, your squid.conf looks ok (though I've never used pam_auth before). Unless it is a problem with pam_auth, I would have to say it is most definitely a browser problem. An easy way to check would be to switch to a different basic auth helper (such as ncsa_auth) and see if the problem goes away. Adam
