RE: [squid-users] Squid3 and authenticating users SASL/MYSQL

From: Simon Brereton <simon.brereton_at_dada.net>
Date: Fri, 30 Apr 2010 16:26:56 +0200

> -----Original Message-----
> From: Amos Jeffries
> Sent: Friday, April 30, 2010 1:26 AM


> >>> my squid.conf looks like this:
> >>>
> >>> 1742 auth_param basic program /usr/lib/squid3/sasl_auth
> >>> /etc/postfix/sasl/smtpd.conf
> >> Does it actually need the config file listed? My understanding was
> >> that placing it in /usr/lib/sasl caused SASL to load it
> automatically
> >> as needed.
> >
> > Interesting - part of the problem I guess is that I didn't really
> understand the sasl mech when I set it up - and I can't really
> remember what I did. I only have .h and .c files in /usr/lib/sasl -
> after a bit of looking I found a file at /etc/default/saslauth that
> seems to list the config options for sasl. What I don't seem to be
> able to do at the moment is to tell /usr/lib/squid3/sasl_auth where
> or to do what it needs to do. (The file /etc/postfix/sasl/smtpd.conf
> tells saslauth what query to run on the DB to compare credentials.
> I'll keep trying.

Perhaps Ralf can help - since I largely set up SASL with his and Patrick's help *wave*

> >>> Trying
> >>> /usr/sbin/squid3 from the commandline with -d9 -N gives me too
> much
> >>> information although I'm trying now to trap it and see, but
> having
> >>> spent
> >> 48
> >>> hours to get this far, I thought I'd ask. It's probably as
> simple
> >> as
> >>> fixing line 1742, but I'd appreciate any pointers in doing that.
> >>>
> >> If this way gets too much there are two other helpers which may be
> an
> >> option for you:
> >> POP3 helper (squid tries to use the credentials to login to the
> POP
> >> server and uses the success/fail result from that).
> >> DB helper (Squid passes an SQL query direct to the MySQL
> database.
> >> Using the success/fail of that as the result)
> >
> > Frankly, either would be fine.. In fact, that's all that SASL is
> doing. The only reason I went for SASL was because it was the only
> thing I could find that seemed relevant to my system. MYSQL would be
> more than adequate since it removes the middle-man.. However, I
> don't find documentation on this. Can you point me to some?
> >
> > I found this: http://www.squid-
> cache.org/Versions/v3/HEAD/manuals/basic_db_auth but I can't find
> db_auth.pl on my system so I don't know what to put for the
> auth_param basic program..
> >
>
> Thats manual you found is pretty much the entire documentation for
> the DB helper. It does not mention that the --cond parameter can take
> a whole string of complex condition if its quoted with "".
>
> Luckily that latter is a perl script. I have a temporary copy here:
> http://treenet.co.nz/projects/squid/src/helpers/basic_auth/DB/basic_d
> b_auth.in
>
> Just needs:
> alter the @PERL@ in the first line
> remove the file extension.
> chmod / chown to the squid user with read/execute privileges.
> configure squid.conf

Forgive me for being an idiot. Sometimes what's clear to the person who wrote something is a complete black box to someone trying to use it (and I disclose I'm not techie, just a geek).

That manual page doesn't say where these options should go. I presume on the command line (i.e. immediately following /usr/lib/squid3/basic_db_auth) as in

/usr/lib/squid3/basic_db_auth --dsn=Mail --table=Accounts, etc.

But is it --dsn=Mail or --dsn Mail (both are common in *nix world..)

Also, could I put my args in a file (say /etc/squid3/dbauth) and just have:

/usr/lib/squid3/basic_db_auth /etc/squid3/dbauth

Finally, I opted for editing basic_db_auth (I would have opened it up even if I didn't need to change the @PERL@ and when I saw the my options in there, I figured that would be easiest route). However - and this may not be related, I'm getting a seg fault.


donald:~# /etc/init.d/squid3 start
Starting Squid HTTP Proxy 3.0: squid32010/04/30 15:19:31.080| Processing: 'log_fqdn on'
2010/04/30 15:19:31.080| Processing: 'dns_nameservers 127.0.0.1 8.8.8.8'
2010/04/30 15:19:31.080| Processing: 'auth_param basic program /usr/lib/squid3/libexec/basic_db_auth '
2010/04/30 15:19:31.080| storeDirWriteCleanLogs: Starting...
2010/04/30 15:19:31.080| file_open: FD 5
/etc/init.d/squid3: line 32: 19094 Segmentation fault start-stop-daemon --quiet --start --pidfile $PIDFILE --exec $DAEMON -- $SQUID_ARGS </dev/null
 failed!

I googled, but the only results I could find were in Japanese..

Simon


Received on Fri Apr 30 2010 - 14:28:17 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 30 2010 - 12:00:06 MDT