O.K. I did some checking. Just for reference, I am consulting (and quoting from) the user guide Copyright (c) 2003 Oskar Pearson, and the source code for
squid that I have is 2.5.STABLE13. (My directory structure follows that of the guide, namely
squid is installed at
/usr/local/squid.)
In the section "Username/Password pair," the guide says:
Quote:
Squid uses modules to do user authentication, rather than including code to do it directly. The default Squid source does, however, include two standard modules; The first authenticates users from a file, the other uses SMB (Windows NT) authentication. These modules are in the auth_modules directory in the source directory. These modules are not compiled when you compile Squid itself, and you will need to chooes an authentication module and run make in the appropriate directory. If the compile goes well, a make install will place the program file in the /usr/local/squid/bin/ directory and any config files in the /usr/local/squid/etc/ directory.
NCSA authentication is the easiest to use, since it's self contained. The SMB authentication program requires that SAMBA be installed, since it effectively talks to the NT server through SAMBA.
The squid.conf file uses the authenticate_program tag to decide which external program to use to authenticate users. If Squid were to only start one authentication program, a slow username/password lookup could slow the whole cache down (while all other connections waited to be authenticated). Squid thus opens more than one authentication program at a time, sending pending requests to the second when the first is busy, the third when the second is and so forth. The actual number started is specified by the authenticate_children squid.conf value. The default number started is five, but if you have a heavily loaded cache then you will need to increase this value.
|
So I am interpreting this to mean you can either use an authentication module you have obtained from elsewhere, or you can use one of the two (several? see below) that are included in the
squid source code. In either case you must tell
squid about it in
squid.conf.
I could not find an
auth_modules directory. At one point I thought
squid-2.5.STABLE13/src/auth might contain what the author was referring to. While there were subdirectories that looked promising, I could not get the
make command to do anything useful in these directories.
So there appears to be several inaccuracies in what I quoted above, possibly due to modifications since 2003. I now believe that the source directories for the authentication modules provided with
squid are subdirectories of
squid-2.5.STABLE13/helpers/basic_auth. There appear to be at least six of these, including NCSA, MSNT, and MSB. To use one of the provided modules, you need to
cd into the directory for the method you want to use and run
make and
make install. My guess is you need to do this
after doing the initial
./configure for
squid (I am not aware of any specific options you need to give
configure for authentication, but I could be wrong). Contrary to the quoted passage, the resulting module is installed in
/usr/local/squid/libexec. (I tried to compile and install from all of the subdirectories of
basic_auth using
for loops for automation. It looked to me like there were some errors, which might be the reason it didn't appear that all the directories produced a module, but I didn't really investigate it.)
Without actually having used this myself, that's probably about the limit of the help I can provide you. I hope this has been of some help. If you learn more, by all means post back so others can learn from this thread.
Good luck.
