Friday, November 28, 2008

yum stuff

Note to self: When creating yum repositories from RHEL5 installation media, use createrepo -g with the comps-*.xml files inside the {Server, Cluster, ClusterStorage, VT}/repodata directories. createrepo -g adds the group metadata to the repo, which the yum group functions need in order to work properly, e.g. yum grouplist, yum groupinstall.

Monday, November 03, 2008

Enabling basic authentication in Squid

Found this in my gmail archive and thought it would be easier to have it on my blog. 
 I had replied with this to someone on the lug.lk mailing list. 

Actually noticed an error in my reply as well, which is corrected below.

 -2007-08-01 

Squid supports a lot of authentication methods. I'll describe the basic method, which uses the ncsa_auth program.
You need to make the following changes to your squid.conf.

Please be advised that the below gives only a very basic proxy setup with authentication.

If you want something more complex, you might want to refer to the squid documentation.

** Back up your existing squid.conf

Put/uncomment the following lines in your squid.conf

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd 

The ncsa_auth program is installed along with squid on Red Hat flavours, under /usr/lib/squid/.
"/etc/squid/squid_passwd" is the name of the file where all the passwords will be kept.
You can change this to point to wherever you want in the file system.

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off 

The first line below defines an ACL named "authenticated_user". The second line defines the networks in the LAN.
This should be changed according to your setup. (I just copied it over from the default squid configuration :-) )

The third line allows HTTP access through the proxy for authenticated connections coming from the specified networks.

acl authenticated_user proxy_auth REQUIRED 
acl our_networks src 192.168.1.0/24 192.168.2.0/24 
http_access allow our_networks authenticated_user

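Once you have made the above changes to squid.conf, you have to create the usernames/passwords in the specified file (/etc/squid/squid_passwd in this case).

For that, run the following. htpasswd prompts for the password; it only accepts the password as a command-line argument when -b is given, and that leaves the password in the shell history and the process list.

htpasswd -c /etc/squid/squid_passwd username

After adding the first user in the above way, add more users without -c, because -c creates the file anew and discards the existing entries.

htpasswd /etc/squid/squid_passwd username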

You can find out various parameters you can use with htpasswd from the man page. 

When everything is done, simply restart the squid service.

If you want squid to connect to a separate service for authentication, refer to the squid documentation; quite a few methods are currently supported.
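
A small check for the configuration above, added here as an example and not part of the original post: Squid applies the first http_access line whose ACLs all match, so an allow rule without the proxy_auth ACL that sits above the authenticated rule lets clients through without a password. The function name audit_basic_auth and the sample configuration are constructed for illustration.

```python
# Constructed sample: the post's directives plus one allow rule (assumed
# leftover) placed above the authenticated rule.
SAMPLE_CONF = """\
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
acl authenticated_user proxy_auth REQUIRED
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access allow our_networks authenticated_user
http_access deny all
"""


def audit_basic_auth(conf_text):
    """Return (password_file, findings) for squid.conf contents given as text."""
    passwd_file, auth_acls, findings = None, set(), []
    saw_auth_rule = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not tokens:
            continue
        if tokens[:3] == ["auth_param", "basic", "program"] and len(tokens) >= 5:
            passwd_file = tokens[-1]  # ncsa_auth takes the password file as its argument
        elif tokens[0] == "acl" and len(tokens) >= 3 and tokens[2] == "proxy_auth":
            auth_acls.add(tokens[1])
        elif tokens[:2] == ["http_access", "allow"]:
            # A negated reference (!name) does not require authentication,
            # so only plain ACL names count here.
            if auth_acls.intersection(tokens[2:]):
                saw_auth_rule = True
            elif not saw_auth_rule:
                findings.append(
                    f"line {lineno}: allow without a proxy_auth ACL precedes "
                    f"the authenticated rule: {' '.join(tokens)}"
                )
    if passwd_file is None:
        findings.append("no 'auth_param basic program' helper configured")
    if not saw_auth_rule:
        findings.append("no http_access allow rule requires a proxy_auth ACL")
    return passwd_file, findings


if __name__ == "__main__":
    path, problems = audit_basic_auth(SAMPLE_CONF)
    print("password file:", path)
    for p in problems:
        print("REVIEW:", p)
```

Entries it reports, such as a stock allow rule for localhost, are lines to review rather than automatic errors.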

java security exceptions

Note to self: Found a somewhat easy way to get around the annoying Java security settings. Simply add the destinations preceded by http://...