Discussion:
[squid-users] NCSA Auth doesn't recognize usernames with capital letters
Schokobecher
2018-11-27 21:28:26 UTC
Permalink
Hello,

I'm facing a really weird problem at the moment.
I'm using Squid 4.2 using the default Ubuntu compile options
(self-compiled) together with the NCSA Basic Auth helper and a passwd
file generated using "httpasswd -m".

If I add a user to it that starts with a capital letter (for example
"Bob") the auth always fails - until "Bob" becomes "bob" inside the
file, then the auth instantly works... and also for "Bob" since I use an
ACL like:

acl bob proxy_auth_regex -i bob

But the other way around is a no-go.

Did I miss something here?

Cheers,
Pierre
Amos Jeffries
2018-11-28 12:05:54 UTC
Permalink
Post by Schokobecher
Hello,
I'm facing a really weird problem at the moment.
I'm using Squid 4.2 using the default Ubuntu compile options
(self-compiled) together with the NCSA Basic Auth helper and a passwd
file generated using "httpasswd -m".
If I add a user to it that starts with a capital letter (for example
"Bob") the auth always fails - until "Bob" becomes "bob" inside the
file, then the auth instantly works... and also for "Bob" since I use an
acl bob proxy_auth_regex -i bob
But the other way around is a no-go.
Did I miss something here?
Usernames are case sensitive. Your regex may accept insensitive values,
but the rest of the system is mandatory case sensitive.
[ IME the systems doing UI tend to lower case inputs in order to avoid
security issues and headaches that come with with having two logins
"bob" and "Bob" for different users. ]

You can double-check what is going on with a cache.log trace from
"debug_options 11,2 28,8 29,9". The helper itself does not (yet) have
debug output unfortunately so if the issue is inside the OS crypt()
implementation it can be hard to see.

Amos

Loading...