Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 + amd64 + local auth FAILS

    Cache/Proxy
    2
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pwnell
      last edited by

      I need help urgently please.  I have pfSense 2.2.1 amd64 and squid3.  All I did was to enable "Allow users on interface", disable transparent proxy, enable local authentication, added three user accounts under the Users tab and tried to authenticate.  I get the popup box for my proxy password on my computer, but entering it does nothing - it just redisplays it.  Squid's logs is of no use as they just show access denied.

      I dug deeper and ran this command by hand:
      /usr/pbi/squid-amd64/local/libexec/squid/basic_ncsa_auth /var/etc/squid.passwd

      which returned an error:
      Shared object "libmd5.so.0" not found, required by "basic_ncsa_auth"

      So I did:
      ln -s /usr/pbi/squid-amd64/local/lib/libmd5.so.0.1.0 /lib/libmd5.so.0
      ldconfig

      and tried again:
      /usr/pbi/squid-amd64/local/libexec/squid/basic_ncsa_auth /var/etc/squid.passwd

      it returned no errors this time.

      So I rebooted pfSense and tried again - still no go.  Squid keeps on issuing login prompts and the credentials do not work.  Any ideas?

      UPDATE: It seems if I enter a simple password of 8 characters or less it works, more than that and it fails??

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        If I remember right, the password can't be more than 8 chars long.

        1 Reply Last reply Reply Quote 0
        • P
          pwnell
          last edited by

          Thanks for your reply.  Any idea why?  8 characters is kind of outdated.  It can be brute forced in less than a day on commodity hardware.  Does it have anything to do with DES being used?  Any way to work around this?  Other than going for an LDAP authentication?

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            I have no idea about any of your questions, sorry.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.