subject:"Re\: \[squid\-users\] Problems with Authenticator"

Re: [squid-users] Problems with Authenticator

2004-10-20 Thread Muthukumar


> has authenticated himself. If the authentication fails, the authenticator
> returns "ERR".

It is correct.

>
> My first try is this dummy-authenticator:
> When I use this authenticator, I am prompted for a username and password.
> After authenticating with any username and password, the proxy says:
>

Yes it is asking and working.
I have tried this in my Cache server for authentication type and it is working there.

> Cache Access Denied.
>http://www.google.com/
>

It seems your http_access rule is not allowing to access cache there.

> auth_param basic program /usr/src/null_auth

Are you having the authenticator in this location with executable permission there?
Try on command line as,
/usr/src/null_auth
test test
OK
OK
..

> auth_param basic children 20
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 1 minutes

> acl password proxy_auth REQUIRED
> http_access allow password

It is correct.

> Since I can find the "OK" in my cache.log, I assue that the authenticator
> is used by squid. Why does the authencation fail?

Are you using any more http_access rules there.? And did you reconfigure your running 
squid.? after making changes?
Try to stop your squid and use, configuration as,

auth_param basic program /usr/src/null_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl password proxy_auth REQUIRED

Go to the starting of #  TAG: http_reply_access.
# http rule
http_access allow auth
http_access deny all

Try now. Are you okie.

Regards
Muthukumar.


---
===  It is a "Virus Free Mail" ===
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.777 / Virus Database: 524 - Release Date: 10/14/2004

Re: [squid-users] Problems with Authenticator

2004-10-21 Thread Udo Pokojski


>Yes it is asking and working.
>I have tried this in my Cache server for authentication type and it is
working
>there.
>
>> Cache Access Denied.
>>http://www.google.com/
>>
>
>It seems your http_access rule is not allowing to access cache there.


>
>> auth_param basic program /usr/src/null_auth
>
>Are you having the authenticator in this location with executable permission
>there?
>Try on command line as,
>/usr/src/null_auth
>test test
>OK
>OK
>..
>

On command line, the authenticator works.

>> auth_param basic children 20
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 1 minutes
>
>> acl password proxy_auth REQUIRED
>> http_access allow password
>
>It is correct.
>
>> Since I can find the "OK" in my cache.log, I assue that the authenticator
>> is used by squid. Why does the authencation fail?
>
>Are you using any more http_access rules there.? And did you reconfigure
>your running squid.? after making changes?

I restart squid after changig the configuration.

>Try to stop your squid and use, configuration as,
>
>auth_param basic program /usr/src/null_auth
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>auth_param basic casesensitive off
>
>acl password proxy_auth REQUIRED
>
>Go to the starting of #  TAG: http_reply_access.
># http rule
>http_access allow auth
>http_access deny all
>
>Try now. Are you okie.
>

Now I end up in a timeout. After authenticating myself, the proxy is not
fetching the URL.
As a test I replaced in authenticator the string "OK" by "ERR". I expect
a "Cache access denied" error, I get no error. Regardless of the authenticator
one TCP_DENIED/407 is reported in access.log.

Squid seems to ignore the return value of the authenticator.

I am using this configuration:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic program /usr/sbin/null_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern .   0   20% 4320
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow password
http_access deny all
http_access deny !Safe_ports
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache/squid


When I am starting squid, I can find no errors in the cache.log:

proxy:/tmp # 2004/10/21 10:44:37| Starting Squid Cache version 2.5.STABLE3
for i686-pc-linux-gnu...
2004/10/21 10:44:37| Process ID 6574
2004/10/21 10:44:37| With 4096 file descriptors available
2004/10/21 10:44:37| DNS Socket created at 0.0.0.0, port 32771, FD 5
2004/10/21 10:44:37| Adding nameserver 192.168.12.3 from /etc/resolv.conf
2004/10/21 10:44:37| helperOpenServers: Starting 5 'null_auth' processes
2004/10/21 10:44:37| User-Agent logging is disabled.
2004/10/21 10:44:37| Referer logging is disabled.
2004/10/21 10:44:37| Unlinkd pipe opened on FD 15
2004/10/21 10:44:37| Swap maxSize 102400 KB, estimated 17066 objects
2004/10/21 10:44:37| Target number of buckets: 853
2004/10/21 10:44:37| Using 8192 Store buckets
2004/10/21 10:44:37| Max Mem  size: 8192 KB
2004/10/21 10:44:37| Max Swap size: 102400 KB
2004/10/21 10:44:37| Local cache digest enabled; rebuild/rewrite every 3600/3600
sec
2004/10/21 10:44:37| Rebuilding storage in /var/cache/squid (CLEAN)
2004/10/21 10:44:37| Using Least Load store dir selection
2004/10/21 10:44:37| Set Current Directory to /var/cache/squid
2004/10/21 10:44:37| Loaded Icons.
2004/10/21 10:44:37| Accepting HTTP connections at 0.0.0.0, port 3128, FD
17.
2004/10/21 10:44:37| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2004/10/21 10:44:37| HTCP Disabled.
2004/10/21 10:44:37| Accepting SNMP messages on port 3401, FD 19.
2004/10/21 10:44:37| WCCP Disabled.
2004/10/21 10:44:37| Ready to serve requests.
2004/10/21 10:44:37| Done reading /var/cache/squid swaplog (24 entries)
2004/10/21 10:44:37| Finished rebuilding storage from disk.
2004/10/21 10:44:37|24 Entries scanned
2004/10/21 10:44:37| 0 Invalid entries.
2004/10/21 10:44:37| 0 With invalid flags.
2004/10/21 10:44:37|24 Objects loaded.
2004/10/21 10:44:37| 0 Objec

Re: [squid-users] Problems with Authenticator

2004-10-21 Thread Udo Pokojski


>Yes it is asking and working.
>I have tried this in my Cache server for authentication type and it is
working
>there.
>
>> Cache Access Denied.
>>http://www.google.com/
>>
>
>It seems your http_access rule is not allowing to access cache there.


>
>> auth_param basic program /usr/src/null_auth
>
>Are you having the authenticator in this location with executable permission
>there?
>Try on command line as,
>/usr/src/null_auth
>test test
>OK
>OK
>..
>

On command line, the authenticator works.

>> auth_param basic children 20
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 1 minutes
>
>> acl password proxy_auth REQUIRED
>> http_access allow password
>
>It is correct.
>
>> Since I can find the "OK" in my cache.log, I assue that the authenticator
>> is used by squid. Why does the authencation fail?
>
>Are you using any more http_access rules there.? And did you reconfigure
>your running squid.? after making changes?

I restart squid after changig the configuration.

>Try to stop your squid and use, configuration as,
>
>auth_param basic program /usr/src/null_auth
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>auth_param basic casesensitive off
>
>acl password proxy_auth REQUIRED
>
>Go to the starting of #  TAG: http_reply_access.
># http rule
>http_access allow auth
>http_access deny all
>
>Try now. Are you okie.
>

Now I end up in a timeout. After authenticating myself, the proxy is not
fetching the URL.
As a test I replaced in authenticator the string "OK" by "ERR". I expect
a "Cache access denied" error, I get no error. Regardless of the authenticator
one TCP_DENIED/407 is reported in access.log.

Squid seems to ignore the return value of the authenticator.

I am using this configuration:

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic program /usr/sbin/null_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern .   0   20% 4320
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow password
http_access deny all
http_access deny !Safe_ports
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache/squid


When I am starting squid, I can find no errors in the cache.log:

proxy:/tmp # 2004/10/21 10:44:37| Starting Squid Cache version 2.5.STABLE3
for i686-pc-linux-gnu...
2004/10/21 10:44:37| Process ID 6574
2004/10/21 10:44:37| With 4096 file descriptors available
2004/10/21 10:44:37| DNS Socket created at 0.0.0.0, port 32771, FD 5
2004/10/21 10:44:37| Adding nameserver 192.168.12.3 from /etc/resolv.conf
2004/10/21 10:44:37| helperOpenServers: Starting 5 'null_auth' processes
2004/10/21 10:44:37| User-Agent logging is disabled.
2004/10/21 10:44:37| Referer logging is disabled.
2004/10/21 10:44:37| Unlinkd pipe opened on FD 15
2004/10/21 10:44:37| Swap maxSize 102400 KB, estimated 17066 objects
2004/10/21 10:44:37| Target number of buckets: 853
2004/10/21 10:44:37| Using 8192 Store buckets
2004/10/21 10:44:37| Max Mem  size: 8192 KB
2004/10/21 10:44:37| Max Swap size: 102400 KB
2004/10/21 10:44:37| Local cache digest enabled; rebuild/rewrite every 3600/3600
sec
2004/10/21 10:44:37| Rebuilding storage in /var/cache/squid (CLEAN)
2004/10/21 10:44:37| Using Least Load store dir selection
2004/10/21 10:44:37| Set Current Directory to /var/cache/squid
2004/10/21 10:44:37| Loaded Icons.
2004/10/21 10:44:37| Accepting HTTP connections at 0.0.0.0, port 3128, FD
17.
2004/10/21 10:44:37| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2004/10/21 10:44:37| HTCP Disabled.
2004/10/21 10:44:37| Accepting SNMP messages on port 3401, FD 19.
2004/10/21 10:44:37| WCCP Disabled.
2004/10/21 10:44:37| Ready to serve requests.
2004/10/21 10:44:37| Done reading /var/cache/squid swaplog (24 entries)
2004/10/21 10:44:37| Finished rebuilding storage from disk.
2004/10/21 10:44:37|24 Entries scanned
2004/10/21 10:44:37| 0 Invalid entries.
2004/10/21 10:44:37| 0 With invalid flags.
2004/10/21 10:44:37|24 Objects loaded.
2004/10/21 10:44:37| 0 Objec

Re: [squid-users] Problems with Authenticator

2004-10-21 Thread Henrik Nordstrom


On Thu, 21 Oct 2004, Udo Pokojski wrote:
Now I end up in a timeout. After authenticating myself, the proxy is not
fetching the URL.
Have you distabled buffering of stdout? If not your helper never sends the 
result back to Squid.. (sits in the libc stdio buffer waiting for your 
application to write more data to fill the buffer...)

In C
   setbuf(stdout, NULL);
anywhere before the main loop.
Regards
Henrik

Re: [squid-users] Problems with Authenticator Solved

2004-10-21 Thread Udo Pokojski


>
>>Yes it is asking and working.
>>I have tried this in my Cache server for authentication type and it is
>working
>>there.
>>
>>> Cache Access Denied.
>>>http://www.google.com/
>>>
>>
>>It seems your http_access rule is not allowing to access cache there.
>
>
>>
>>> auth_param basic program /usr/src/null_auth
>>
>>Are you having the authenticator in this location with executable permission
>>there?
>>Try on command line as,
>>/usr/src/null_auth
>>test test
>>OK
>>OK
>>..
>>
>
>On command line, the authenticator works.
>

The output of my authenticator seems to be buffered. I changed the source
to:

#include 

char buffer[256];

int main()
{

   while (fgets(buffer,256,stdin)!=NULL)
   {
   fprintf(stdout,"OK\n");
   fflush(stdout);
   fprintf(stderr,"OK\n");
   }
}


Now it works as expected.

Thanks,
   Udo Pokojski


http://www.epost.de - das Kommunikationsportal der Deutschen Post

Re: [squid-users] Problems with Authenticator

Re: [squid-users] Problems with Authenticator

Re: [squid-users] Problems with Authenticator

Re: [squid-users] Problems with Authenticator

Re: [squid-users] Problems with Authenticator Solved

5 matches

Site Navigation

Mail list logo

Footer information