Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
local Squid proxy to forward authentication to company proxy (not plain text)
13 views
Skip to first unread message
dmc...@gmail.com
Dec 4, 2017, 11:43:16 AM12/4/17
to
Hi,
I have a company proxy that needs user authentication to work. I'm trying to centralize all my linux configuration files (wgetrc, yum.conf, .gitconfig, etc) to just use one proxy.
My issue is that I don't want to plain text my password in the various config files so I'm trying to get squid to take my username and password and pass it onto the company proxy so I can download what i need. The issue is that I've tried using this in my squid.conf file:
cache_peer 10.**.**.20 parent 8080 0 login=username:password
This works but the password is in plain text. I've also used htpasswd to create a file with a username and hashed password and added these settings into squid.conf:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 3 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
If i remove my cache_peers line, squid doesn't know where to forward and I've tried just removing the login section of the line but i've not had any success.
This doesn't send my username and password to the company proxy server. so... does anyone have any advice on how I can forward my request from a local squid proxy with my username and password and get to the internet via the company proxy?
Thanks for your help,
Dennis
I have a company proxy that needs user authentication to work. I'm trying to centralize all my linux configuration files (wgetrc, yum.conf, .gitconfig, etc) to just use one proxy.
My issue is that I don't want to plain text my password in the various config files so I'm trying to get squid to take my username and password and pass it onto the company proxy so I can download what i need. The issue is that I've tried using this in my squid.conf file:
cache_peer 10.**.**.20 parent 8080 0 login=username:password
This works but the password is in plain text. I've also used htpasswd to create a file with a username and hashed password and added these settings into squid.conf:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 3 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
If i remove my cache_peers line, squid doesn't know where to forward and I've tried just removing the login section of the line but i've not had any success.
This doesn't send my username and password to the company proxy server. so... does anyone have any advice on how I can forward my request from a local squid proxy with my username and password and get to the internet via the company proxy?
Thanks for your help,
Dennis
0 new messages