Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
sblantipodi
PostPosted: Tue Jul 09, 2013 3:39 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
As title,
I'm shocked.

I'm running squid on CentOS 6.4.

This are the step I used to install it:
yum install squid -y

Code:
this the squid.conf parameters:
# add auth_params
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 2
auth_param basic realm My Proxy Server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
# add acl rules
acl users proxy_auth REQUIRED
# http access rules
http_access deny !users
http_access allow users


some commands to configure the password:
Code:
touch /etc/squid/passwd
chown root.squid /etc/squid/passwd
chmod 640 /etc/squid/passwd
htpasswd /etc/squid/passwd username


Suppose that in the
htpasswd /etc/squid/passwd username
command I type a password like this:
ciaooaic

now when the browsers asks me for auth if I type a password like this:
ciaooaicds

the password is accepted :shock: :shock: :shock:

the passwords, clearly don't match but it is accepted.

what a crappy authentication is this?
Top
   
Reply with quote  
bacon
PostPosted: Tue Jul 09, 2013 3:43 pm 
Offline
Junior Member

Joined: Sun Jun 24, 2012 4:27 pm
Posts: 29
Have you tried an obviously wrong password?
Top
   
Reply with quote  
Nuvini
PostPosted: Tue Jul 09, 2013 3:43 pm 
Offline
Senior Member

Joined: Fri Feb 17, 2012 8:20 pm
Posts: 365
http://www.squid-cache.org/Advisories/SQUID-2011_2.txt
Top
   
Reply with quote  
sblantipodi
PostPosted: Tue Jul 09, 2013 3:56 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Nuvini wrote:
http://www.squid-cache.org/Advisories/SQUID-2011_2.txt


from that note it seems that with Squid 3.1 it is possible to workaround the problem using
the
htpasswd -m /etc/squid/passwd username

in this way, I'm not able to authenticate anymore... :|
Top
   
Reply with quote  
sblantipodi
PostPosted: Tue Jul 09, 2013 4:10 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
in the file you linked me is wrote that Squid 3.3 fixed this problem,
I installed squid 3.3.6 and I have the same problem. :roll:
Top
   
Reply with quote  
rsk
PostPosted: Wed Jul 10, 2013 4:14 pm 
Offline
Senior Member
User avatar

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
If you'll create a passwordfile with "htpasswd", it uses crypt(), and that saves only first eight characters.

If you'll create a passwordfile with "htpasswd -m" uses md5 that saves whole password.
Note that usually all passwords in the file need to be in the same format for anything to work.

Glancing at the .txt, the MD5 option works both with Squid 3.1 and 3.3.

So, maybe rename the old passwordfile, create a new one and make a user entry...
Code:
% mv sqpasswd old.sqpasswd
% touch sqpasswd
% htpasswd -m sqpasswd username


Code:
% cat sqpasswd
username:$apr1$blAHBLah1234


The $apr1$ part is the MD5-encoding marker.

Then maybe restart squid just in case, and try to authenticate.

_________________
rsk, providing useless advice on the Internet since 2005.
Top
   
Reply with quote  
sblantipodi
PostPosted: Thu Jul 11, 2013 9:09 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
at the end I solve using the
auth_param digest program /usr/lib64/squid/digest_file_auth -c /etc/squid/users
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group