Can't get Squid Authentication running
-
Hello
I want to use squid for security reasons so that in my network only these get access to the web when I allowed it while blocking 80 and 443 for everyone else.
I have set up squid in my pfsense and it works well as transparent and non-transparent proxy. But as soon as I enable authentication (in non-transparent mode), it doesn't work. Set the authentication to local and created a user under the User tab, however squid keeps refusing the connection after entering username and password. The documentation also only tells me about setting up squid as a transparent proxy but not as non-transparent with authentication.
Am I understanding this wrong? What "local" does the package mean there? I also tried creating a pfsense user but that doesn't work either.
PS: Squid has created a file in /var/etc/squid.passwd containing my username and an encrypted password but I still can't log in…
-
I think I found a problem…
I used a too long password. After reading this:
"passwords encrypted with "crypt" (e.g. with htpasswd -d) actually work, with the caveat that passwords longer than 8 characters are not truncated and will always fail (even if the first 8 characters are correct). This is wrong in my opinion"
https://bugzilla.redhat.com/show_bug.cgi?id=896127
So I tried a very weak simple and short password "test" and it works.
Can anyone confirm that this is a bug in the Squid package or is that normal behaviour?
-
Update to the latest squid package. I have put in a fix to properly handle longer passwords.
-
Was this broken all the way through 2.2.6 then?
-
Was this broken all the way through 2.2.6 then?
On older versions of squid it failed silently – It would accept a longer password but only check the first 8 chars. The newer version properly rejected that as a mismatch until the method was changed to use a password hash that allowed longer than 8 char passwords.
So before it was even more insecure, but it was not obviously insecure.
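
A check for the situation discussed in this thread, as an added example that is not part of any post or of the Squid package: it reads htpasswd-style text such as the contents of /var/etc/squid.passwd and reports which entries still use traditional DES crypt, the scheme with the 8-character limit. It assumes `user:hash` lines and identifies the scheme by prefix or shape only; the function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
# Heuristic: a 13-character plaintext field would match this shape too.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Well-known hash prefixes found in htpasswd-style files.
PREFIXES = [
    ("$apr1$", "apr1-md5"), ("$1$", "md5-crypt"),
    ("$2a$", "bcrypt"), ("$2b$", "bcrypt"), ("$2y$", "bcrypt"),
    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"),
    ("{SHA}", "sha1-unsalted"),
]

def classify(hash_field):
    """Name the hash scheme of one password field."""
    for prefix, scheme in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme
    return "des-crypt" if DES_CRYPT.match(hash_field) else "unknown"

def audit(text):
    """Return (line number, user, scheme) for each non-empty line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, sep, rest = line.partition(":")
        if not sep:
            findings.append((lineno, line, "malformed"))
            continue
        findings.append((lineno, user, classify(rest.split(":", 1)[0])))
    return findings

def limited_to_8(findings):
    """Users whose password is only checked up to 8 characters."""
    return [user for _, user, scheme in findings if scheme == "des-crypt"]

# Constructed sample entries; these are not real password hashes.
SAMPLE = """\
alice:abCDEFGHIJKLM
bob:$apr1$Xy12Ab34$AAAAAAAAAAAAAAAAAAAAAA
carol:$6$saltsalt$BBBBBBBBBBBBBBBB
dave:{SHA}CCCCCCCCCCCCCCCCCCCCCCCCCCC=
broken-line-without-colon
"""

if __name__ == "__main__":
    for lineno, user, scheme in audit(SAMPLE):
        note = "  <-- 8-character limit, re-hash" if scheme == "des-crypt" else ""
        print(f"line {lineno}: {user}: {scheme}{note}")
```

Any user it reports as `des-crypt` needs the password set again after the package update so that the entry is stored with the newer hash.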