Re: [squid-users] NCSA-auth don't work for file contain too many passswords

Fri, 11 Nov 2016 09:30:13 -0800 

On 2016-11-11 21:05, --Ahmad-- wrote:

hi squid users .
i have problem when i use basic_ncsa auth

the auth work when i have few passwords in the file of auth .
as example
auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user 
acl ncsa_users proxy_auth REQUIRED
auth_param basic children 100
http_access allow ncsa_users



user like 30 in the file /etc/squid/squid_user  is ok

but when i use like 20K password ….. squid always give me wrong pwd .

is there any turning i need ?

I’m using squid 3.5.2

BTW i use the cmd as ex ——————>     htpasswd -db /etc/squid/squid_user
user1 user1


Hi Ahmad,
I can't reproduce the problem using Squid 3.5.22. I used following method to verify the case: 

1. Edit default config.
# diff -u etc/squid.conf.default etc/squid.conf
--- etc/squid.conf.default      2016-10-28 15:54:53.851704360 +0500
+++ etc/squid.conf      2016-11-11 22:21:22.561765731 +0500
@@ -1,3 +1,4 @@
+auth_param basic program /usr/local/squid35/libexec/basic_ncsa_auth /usr/local/squid35/etc/passwd 
 #
 # Recommended minimum configuration:
 #
@@ -23,6 +24,7 @@
 acl Safe_ports port 591                # filemaker
 acl Safe_ports port 777                # multiling http
 acl CONNECT method CONNECT
+acl AUTHENTICATED proxy_auth REQUIRED

 #
 # Recommended minimum Access Permission configuration:
@@ -45,6 +47,7 @@
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #
+http_access deny !AUTHENTICATED

 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks


2. Create ncsa passwords db for 20k users.
# for i in {1..20000}; do echo "user${i}:$(openssl passwd -apr1 pass${i})" >> /usr/local/squid35/etc/passwd; done 


3. Initiate requests using different usernames from the db.
$ for i in 1 5000 10000 15000 20000; do curl -v -x http://user${i}:pass${i}@127.0.0.1:3128 http://mirror.comnet.uz/centos/2/readme.txt > /dev/null; done 2>&1 | egrep '(user|OK)' 
* Proxy auth using Basic with user 'user1'
< HTTP/1.1 200 OK
* Proxy auth using Basic with user 'user5000'
< HTTP/1.1 200 OK
* Proxy auth using Basic with user 'user10000'
< HTTP/1.1 200 OK
* Proxy auth using Basic with user 'user15000'
< HTTP/1.1 200 OK
* Proxy auth using Basic with user 'user20000'
< HTTP/1.1 200 OK
Can you try the method using Squid 3.5.2? If it would fail, can you try Squid 3.5.22? 

Garri
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to