Implementing Squid + MySQL authentication on Linux
Author: 陶金, handle: imtj (www.chinaunix.com). Please retain the above information when reposting.
--------------------------------------------------------------
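I followed the approach of the poster at
http://www.linuxforum.net/forum/gshowflat.php?Cat=&Board=proxy&Number=450046&page=0&view=collapsed&sb=5&o=all&fpart=
but his system was FreeBSD. I am using RedHat AS3 + Squid (shipped with RedHat) +
MySQL (shipped with RedHat). The procedure is much the same, but there are some differences, so I am writing it up to save everyone from taking the same detours I did.
(1) Install squid and mysql. You can use the packages on the RedHat AS3 CDs, or of course compile them yourself. Download mysql_auth.
(2) tar -zxvf mysql_auth-0.6.tar.gz
cd mysql_auth-0.6
At this point we need to modify the Makefile. Here is my own Makefile: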
CC = gcc
CFLAGS = -I/usr/include -L/usr/lib/mysql
LDFLAGS = -lmysqlclient
SRC = src
OBJS = $(SRC)/mysql_auth.o $(SRC)/confparser.o $(SRC)/mypasswd.o
INSTALL = /usr/bin/install
CONF = $(SRC)/mysql_auth.conf
all : mysql_auth mypasswd
clean:
	rm -rf src/*.o *.o mysql_auth mypasswd
mysql_auth: $(OBJS)
	$(CC) -o $@ $(SRC)/mysql_auth.c $(SRC)/confparser.c $(LDFLAGS) $(CFLAGS)
mypasswd: $(OBJS)
	$(CC) -o $@ $(SRC)/mypasswd.c $(SRC)/confparser.c $(LDFLAGS) $(CFLAGS)
install:
	$(INSTALL) -o nobody -g nogroup -m 755 mysql_auth /usr/local/squid/bin/mysql_auth
	$(INSTALL) -o root -g wheel -m 700 mypasswd /usr/local/bin/mypasswd
	$(INSTALL) -o nobody -g nogroup -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf
	$(INSTALL) -o nobody -g nogroup -m 600 $(CONF) /usr/local/squid/etc/mysql_auth.conf.default
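The main change is CFLAGS = -I/usr/include -L/usr/lib/mysql. If MySQL was installed from RPM, you can make the change exactly as I describe.
(3) Before compiling, we need to create the directories /usr/local/squid/bin and /usr/local/squid/etc,
then run make; make install. With that, our module is installed.
(4) mysql -u root -p < create_script (creates the authentication database)
Insert one authentication record: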
mysql -u root -pxxxx
mysql>insert into data values ('guest', 'guest');
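(5) Edit /etc/squid/squid.conf
auth_param basic program /usr/local/squid/bin/mysql_auth/mysql_auth (note that mysql_auth really is entered twice here; it is not a typo on my part. The installation notes say to enter it once, and that would not work no matter what.)
acl normal proxy_auth REQUIRED
http_access allow normal
Also, the MySQL authentication must be placed before any other authentication; otherwise it will not pass.
(6) Edit /usr/local/squid/etc/mysql_auth.conf
There is actually not much that we really need to change.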
#
# mysql_auth.conf - an mysql authenticator config file
# this is the default name. you can call this by other name,
# but set up it in mysql_auth-source/src/define.h.
#
# comment: first character in line is '#'
# empty line (EOL at first) allowed
#
# format of parameters and their values:
# parameter - SPACE(S) and/or TAB(S) - value
#
# IMPORTANT: see the mysql_auth-source/scripts/create_script
# this configuration file made by this script
#
# by Ervin Hegedus, 2002, 2003
# hostname
#
# where is the mysql server - the server hostname or IP address;
# first 'hostname' directive, and after space(s) or tab(s) its
# value
#
# default:
hostname localhost (the database host name)
# user
#
# which user can connect to database
# default:
user squid (the user for connecting to the database)
# password
#
# user's password for database, that store the accounts
# default:
password squid (the password for connecting to the database)
By default, a user with username squid and password squid is created.
# database
#
# mysql database name, where accounts places are
# default:
database mysql_auth (the database to connect to)
# mysql socket
#
# if mysqld doesn't use INET socket, you must to set this parameter
# where is the location of mysqld socket; if mysqld use INET socket,
# put NULL value
# default:
mysqld_socket /var/lib/mysql/mysql.sock (take care here: the default is /tmp/mysqld.sock, but with MySQL installed from RPM the socket is not there; it is at the location I wrote)
# next three directives tells what will the select query,
# like this:
# SELECT * FROM table WHERE user_column LIKE "username" AND password_column LIKE "password"
# where username and password comes from client in HTTP header,
# and user_column and password_column is the columns name in table
# this is an easy way to tune this program to your existing database
# table
#
# the table name, where accounts exist in user-password pair
# default:
table data (the table to use)
# user_column
#
# user column name in table
# if you already have a database, what contains user-password
# pair, you can set it here
user_column user (the user-name column)
# password_column
#
# password column name in table
# like user column name above
password_column password (the user-password column)
# encrypt_password_form
#
# passwords are stored in encrypted form,
# using mysql internal 'password()' function
# this mean, you just storing the passwords encrypted format,
# Squid and clients doesn't use encrypt form!
# The value is case insensitive (YES/yes or not one of these).
# For backward compatibility, default is NO.
encrypt_password_form NO (whether passwords in the database are encrypted)
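When configuring this file, pay attention to the mysqld_socket setting.
(7) Once the configuration is done, restart squid:
/etc/rc.d/init.d/squid restart
In practice you do not need SQL commands to add users at this point; you can use /home/mysql_auth-0.6/mypasswd username (enter the user name).
It prompts you for the password automatically and creates the MySQL-authenticated user.
Convenient, isn't it? .... And with that, mysql + squid authentication is configured successfully!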
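The program named in auth_param basic program speaks a simple line protocol: Squid writes "username password" (URL-escaped) to the helper's stdin and expects OK or ERR back. The following is an added example, not code from mysql_auth or from the original article; it uses Python's sqlite3 as an offline stand-in for MySQL, keeps the article's data/user/password names, and stores salted PBKDF2 hashes rather than the plaintext that encrypt_password_form NO leaves in the table. The function names and the iteration count are assumptions.

```python
import hashlib, hmac, os, sqlite3
from urllib.parse import unquote

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def make_sample_db():
    """Constructed sample data: the article's 'data' table, holding a hash."""
    db = sqlite3.connect(":memory:")  # stand-in for the mysql_auth database
    db.execute("CREATE TABLE data (user TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO data VALUES (?, ?)",
               ("guest", hash_password("guest")))
    return db

def check_line(db, line):
    """Answer one Squid basic-auth helper request line with 'OK' or 'ERR'."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return "ERR"
    user, password = (unquote(p) for p in parts)  # Squid URL-escapes both
    # Bound parameter with '=': the name is matched exactly, never as a pattern.
    row = db.execute("SELECT password FROM data WHERE user = ?",
                     (user,)).fetchone()
    if row is None:
        return "ERR"
    salt_hex, digest_hex = row[0].split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time comparison of the recomputed and stored digests.
    return "OK" if hmac.compare_digest(candidate.hex(), digest_hex) else "ERR"

def serve(db, stdin, stdout):
    """Helper main loop: one request line in, one reply line out, flushed."""
    for line in stdin:
        stdout.write(check_line(db, line) + "\n")
        stdout.flush()

if __name__ == "__main__":
    import sys
    serve(make_sample_db(), sys.stdin, sys.stdout)
```

Run stand-alone, it answers lines typed on stdin the same way Squid would see them, which is also a quick way to check any installed helper before restarting squid.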