配置Squid 最新版使用MySQL服务器进行认证

配置Squid 最新版使用MySQL服务器进行认证

不使用PAM方式 改为MYSQL方式

先下载插件

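cd /opt
# The tarball is fetched over plain HTTP and the page gives no checksum or
# signature, so nothing authenticates the code that will later receive every
# proxy user's password. Verify it before building.
wget -c http://people.arxnet.hu/airween/mysql_auth/mysql_auth-0.8.tar.gz
# Print the digest and compare it with a value obtained from a trusted source.
sha256sum mysql_auth-0.8.tar.gz   # expected: <SHA256_FROM_TRUSTED_SOURCE> (placeholder)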

解压后进入目录

更改

src/mysql_auth.conf

MAKE 一次

make
gcc -I/usr/include -L/usr/lib -c -o src/mysql_auth.o src/mysql_auth.c
gcc -I/usr/include -L/usr/lib -c -o src/confparser.o src/confparser.c
gcc -I/usr/include -L/usr/lib -c -o src/mypasswd.o src/mypasswd.c
gcc -o mysql_auth src/mysql_auth.c src/confparser.c -lmysqlclient -I/usr/include -L/usr/lib
gcc -o mypasswd src/mypasswd.c src/confparser.c -lmysqlclient -I/usr/include -L/usr/lib

执行前请先确认 Squid 的运行用户是 proxy;如果不是,请相应修改下面命令中的属主(-o 参数)。

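# Install the authentication helper at the path that squid.conf's
# "auth_param basic program" line points to. The owner must be the account
# Squid runs as (proxy here).
install -o proxy -g shadow -m 755 mysql_auth /usr/lib/squid/mysql_auth
# Password-management tool: executable by root only.
install -o root -g root -m 700 mypasswd /usr/local/bin/squid-passwd

# Create the configuration directory. The original line read `make -p`, which
# does not create directories; `mkdir -p` is what the following installs need.
mkdir -p /usr/local/squid/etc/
# mysql_auth.conf stores the MySQL account password in clear text, so it is
# installed with mode 600 and owned by the Squid user. The ".default" copy is
# made from the same edited file and therefore contains the same password;
# it gets the same restrictive mode.
install -o proxy -g root -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf
install -o proxy -g root -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf.default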

完成后更新squid.conf 认证方式

###########################################
# Basic proxy authentication backed by the mysql_auth helper.
# With the Basic scheme the client sends the username and password only
# base64-encoded (not encrypted) to the proxy, so anyone able to observe
# client-to-proxy traffic can recover them.
#This is used for MySQL authentication
auth_param basic program /usr/lib/squid/mysql_auth
#For squid with PAM authentication
#auth_param basic program /usr/lib/squid/pam_auth -1

# Number of helper processes Squid starts to check credentials.
auth_param basic children 5
# Realm text shown to the user in the browser's login prompt.
auth_param basic realm Magnet Internet Authentication
# Squid treats a username/password pair validated by the helper as good for
# this long without asking the helper again, so a password change or account
# removal in MySQL can take up to 2 hours to be enforced.
auth_param basic credentialsttl 2 hours
# Usernames are compared case-insensitively.
auth_param basic casesensitive off
###########################################

添加ACL

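# Matches any request carrying credentials that the auth helper accepts.
acl password proxy_auth REQUIRED
# Matches authenticated users whose names are listed in the file.
# File names must be in plain double quotes; the typographic quotes in the
# original listing are not valid squid.conf syntax.
acl acl_name proxy_auth "/etc/proxy/user.list"
# Destination-domain regex lists (case-insensitive).
acl allow_sites dstdom_regex -i "/etc/proxy/allow.sites"
acl block_sites dstdom_regex -i "/etc/proxy/block.sites"

# Access rules; http_access lines are evaluated in order, first match wins.
# allow_sites is tested before any proxy_auth ACL, so requests to those
# destinations are permitted without credentials.
http_access allow allow_sites
http_access deny block_sites !acl_name
# NOTE(review): the "password" ACL defined above is not referenced by any rule
# shown here. When no http_access line matches, Squid applies the opposite of
# the last line (here: allow), so unless the rest of squid.conf already does
# it, finish the list with an explicit allow for authenticated users followed
# by "http_access deny all"; otherwise authentication is not actually enforced.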

查看MYSQL的配置文件

cat src/mysql_auth.conf
#
# mysql_auth.conf - configuration file for the mysql_auth authenticator.
# This is the default file name. Another name can be used,
# but it has to be set in mysql_auth-source/src/define.h.
#
# comment: a line whose first character is '#'
# empty lines (EOL as first character) are allowed
#
# format of parameters and their values:
# parameter - SPACE(S) and/or TAB(S) - value
#
# IMPORTANT: see mysql_auth-source/scripts/create_script;
# this configuration file matches the database made by that script.
#
# by Ervin Hegedus, 2002, 2003
#
# NOTE(review): this file contains the database password in clear text.
# Keep it readable only by the account Squid runs as.

# hostname
#
# Where the MySQL server is: the server hostname or IP address.
# Write the 'hostname' directive, then space(s) or tab(s), then its
# value.
#
# default:
###################################

hostname 192.168.1.50

###################################
# user
#
# The MySQL account used to connect to the database.
# default:

###################################

user mysql_user

###################################
# password
#
# Password of that MySQL account (the account that can read the stored
# proxy users). 'mysql_passwd' is a sample value: replace it with a strong,
# unique password and use the same value when creating the MySQL account.
# default:

###################################

password mysql_passwd

###################################
# database
#
# Name of the MySQL database that holds the accounts.
# default:

###################################

database mysql_auth

###################################
# mysql socket
#
# If mysqld does not use an INET socket, set this parameter to the
# location of the mysqld socket file; if mysqld uses an INET socket,
# put the value NULL.
# default:

###################################

mysqld_socket /var/run/mysqld/mysqld.sock

###################################
# The next three directives define the SELECT query, which looks
# like this:
# SELECT * FROM table WHERE user_column LIKE "username" AND password_column LIKE "password"
# where username and password come from the client in the HTTP header,
# and user_column and password_column are the column names in the table.
# This is an easy way to tune this program to your existing database.
#
# NOTE(review): LIKE is a pattern match, not an equality test: '%' and '_'
# inside a compared value act as wildcards. Both values come from the client,
# so confirm in the helper source (not shown here) that quotes and LIKE
# wildcards are escaped before the query is built, or that the comparison is
# done with '='.

# table
#
# Name of the table that holds the user/password pairs.
# default:

###################################

table squid_users

###################################
# user_column
#
# Name of the user column in the table.
# If you already have a database that contains user/password
# pairs, you can point to it here.

###################################

user_column user_name

###################################
# password_column
#
# Name of the password column in the table,
# like the user column name above.
###################################

password_column user_passwd

###################################
# encrypt_password_form
#
# Passwords are stored in hashed form,
# using MySQL's internal 'password()' function.
# This only affects how passwords are stored in the table;
# Squid and the clients still exchange the password itself!
# The value is case insensitive (YES/yes; anything else means no).
# For backward compatibility, the default is NO.
#
# NOTE(review): PASSWORD() is unsalted and is documented by MySQL as meant
# for the server's own account system, not for applications; it was removed
# in MySQL 8.0. NO stores the passwords in clear text, which is worse; treat
# the table contents as sensitive either way.
#
###################################

#encrypt_password_form NO
encrypt_password_form YES

###################################

建立SQL数据库

cat scripts/create_script

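-- Bootstrap script for the mysql_auth Squid helper: recreates the mysql_auth
-- database, the squid_users table and the mysql_user account.
-- WARNING: destructive. It drops any existing mysql_auth database, including
-- all stored proxy users, and removes the existing mysql_user account.
-- String literals use plain ASCII quotes; the typographic quotes in the
-- original listing are not valid SQL.

DROP DATABASE IF EXISTS mysql_auth;

USE mysql;
-- Exact match (=) instead of LIKE: '_' is a single-character wildcard in
-- LIKE, so the pattern 'mysql_user' would also delete other accounts whose
-- names differ only at that position.
DELETE FROM user WHERE User = 'mysql_user';
DELETE FROM db WHERE User = 'mysql_user';
DELETE FROM tables_priv WHERE User = 'mysql_user';
-- Direct edits to the grant tables are not applied until they are reloaded.
FLUSH PRIVILEGES;

CREATE DATABASE mysql_auth;

USE mysql_auth;

-- One row per proxy user; user_passwd is compared as a binary string.
CREATE TABLE squid_users
(user_name VARCHAR(16) NOT NULL PRIMARY KEY,
user_passwd VARCHAR(64) BINARY NOT NULL);

-- Account syntax is 'user'@'host', each part quoted separately. The host part
-- is the address the client connects FROM, so the second grant only fits when
-- the Squid host itself is 192.168.1.50; otherwise use the Squid host's address.
-- 'mysql_passwd' is a sample value: replace it with a strong, unique password
-- and put the same value in mysql_auth.conf.
-- NOTE(review): the authentication helper only needs to read squid_users; the
-- write privileges are presumably for the squid-passwd tool. Consider a
-- separate SELECT-only account for the helper.
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.* TO 'mysql_user'@'localhost' IDENTIFIED BY 'mysql_passwd';
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.* TO 'mysql_user'@'192.168.1.50' IDENTIFIED BY 'mysql_passwd';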

#建立数据库 和上面的分开执行

mysql -u root -p < scripts/create_script
Enter password:
mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6805 to server version: 5.0.21-Debian_3ubuntu1-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;

这样就完成了 检查下输出有无错误,
最后重新启动squid 完成
现在就可以使用mysql认证了
