Enabling basic authentication in Squid
Found this in my gmail archive and thought it would be easier to have it on my blog. I had replied with this to someone on the lug.lk mailing list. Actually noticed an error on my reply as well, which is corrected on the below.
-2007-08-01
Squid supports lot of authentication methods. I'll put the basic method that uses ncsa_auth program. You need to make the following changes to your squid.conf. Please be advised that the below, gives only a very basic proxy setup with authentication. If you want something complex, you might want to the squid documentation.
**Backup your existing squid.conf
Put/uncomment following lines to your squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
ncsa_auth program is installed along squid in redhat flavours, under /usr/lib/squid/ . "/etc/squid/passwd" is the name of the file where all the passwords will be kept. You can change this to point to wherever you want in the file system.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
First line below is an ACL named "authenticated_user"
Second line defines the networks in the LAN. This should be changed according to your setup. ( i just copied over from def: squid.configuration :-) )
The third allows http access through the proxy for Authenticated connections coming from the specified networks.
acl authenticated_user proxy_auth REQUIRED
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks authenticated_user
Once you have made the above changes to the squid.conf you have to create the username/passwords in the specified file. ( /etc/squid/squid_passwd in this )
For that, do,
htpasswd -c /etc/squid/squid_passwd username password
After adding the 1st user in the above way, to add more new users, use the below method.
htpasswd /etc/squid/squid_passwd username password
You can find out various parameters you can use with htpasswd from the man page.
When everything is done, simply restart the squid service..
If you want squid to connect to a separate service for authentication, refer to the squid documentation, there are quite a few methods that are currently supported.
Comments
I wanted to setup an auth method for the dans guardian to prompt for access and grant if the ldap (AKA AD in windows is authenicated against)
can you help with that?
sorry for the very delayed reply.. Since DansGuardian and Squid are normally integrated using cache_peer, you should be able to do the necessary authentications at the Squid level, when a client makes a request.
However im not sure if DansGuardian alone is capable of such things.