用户认证功能的SQUID代理服务器
|
|
|
作者:佚名
来源:InterNet 加入时间:2005-1-31 |
SQUID和MYSQL的安装采用了SUN发布的二进制安装包,它在software_companion_x86 CD中可以找到;MYSQL_AUTH用GOOGLE搜索就可以找到。
一、安装配置SQUID+MYSQL
1.建立用户和组 # groupadd squid # useradd -g squid -d /dev/null -s /bin/false squid # groupadd mysql # useradd -g mysql -s /bin/false mysql
2. 安装MYSQL
# mount –F hsfs –o ro /dev/dsk/c1t0d0p0 /cdrom
# cd /cdrom/components/i386/Packages
# pkgadd -d ./ -s /var/spool/pkg SFWmysql SFWgcmn
# pkgadd SFWgcmn SFWmysql
# chown -R root /opt/sfw/mysql
# chgrp -R mysql /opt/sfw/mysql
# chown -R mysql /opt/sfw/mysql/var
# /opt/sfw/mysql/bin/mysql_install_db
# /opt/sfw/mysql/bin/mysqld_safe &
# cp /opt/sfw/mysql/share/mysql/my-medium.cnf /etc/my.cnf
# vi /etc/my.cnf
bind-address = 127.0.0.1 |
设置启动脚本:
# cp /opt/sfw/mysql/share/mysql/mysql.server /etc/init.d/mysql.server
# ln /etc/init.d/mysql.server /etc/rc3.d/S79mysql
# ln /etc/init.d/mysql.server /etc/rc0.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rc1.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rc2.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rcS.d/K00mysql
# chown root:sys /etc/init.d/mysql.server /etc/rc3.d/S79mysql
# chmod 0744 /etc/init.d/mysql.server /etc/rc3.d/S79mysql |
设置ROOT密码: # mysqladmin -u root password llzqq
3.安装SQUID
# pkgadd -d ./ -s /var/spool/pkg SFWsquid
# pkgadd SFWsquid
# cd /opt/sfw/squid/etc
# cp squid.conf.default squid.conf
# cp mime.conf.default mime.conf |
4.配置SQUID.CONF
http_port 192.168.0.1:3128
cache_mgr llzqq@nero.3322.org
error_directory /opt/sfw/squid/share/errors/Simplify_Chinese
dns_nameservers 202.99.160.68 202.99.168.8
visible_hostname nero.3322.org
httpd_accel_uses_host_header on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
cache_mem 20 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 30 KB
minimum_object_size_in_memory 0 KB
cache_swap_low 85
cache_swap_high 90
cache_dir ufs /opt/sfw/squid/var/cache
cache_effective_user squid
cache_effective_group squid
#http_access allow manager localhost
#http_access allow localhost
#http_access deny manager
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all
--------------------------------------------------------
# chown –R squid:squid /opt/sfw/squid/var
# /opt/sfw/squid/sbin/squid -z |
5. SQUID启动脚本
# vi /etc/rc3.d/S78squid
====================== S78squid =====================
#!/sbin/sh
#
# Copyright (c) 2004 by llzqq, Inc
# llzqq@126.com
# All rights reserved.
#
#ident '@(#)squid 1.1 04/05/24 SMI'
case '$1' in
start)
/opt/sfw/squid/sbin/squid -s
;;
stop)
/opt/sfw/squid/sbin/squid -k shutdown
pkill squid
;;
*)
echo 'Usage: $0 { start | stop }'
exit 1
;;
esac
exit 0
====================== S78squid =====================
# chown root:sys /etc/rc3.d/S78squid
# chmod 744 /etc/rc3.d/S78squid
# ln -s /etc/rc3.d/S78squid /etc/rc2.d/K78squid |
二、 安装MYSQL_AUTH
# gzip -d mysql_auth-0.6beta.tar.gz
# tar vxf mysql_auth-0.6beta.tar
# cd mysql_auth-0.6beta |
Makefile中需要修改的内容如下:
# vi Makefile
CFLAGS = -I/opt/sfw/mysql/include -L/opt/sfw/mysql/lib/mysql
INSTALL = /usr/ucb/install
$(INSTALL) -o root -g sys -m 700 mypasswd /usr/local/bin/mypasswd
$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/bin/mysql_auth
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf.default |
src/define.h中需要修改的内容如下:
# vi +5 src/define.h
#define CONFIG_FILE '/etc/mysql_auth.conf'
#define DEF_MYSQLD_SOCKET '/tmp/mysql.sock' |
src/mysql_auth.conf中需要修改的内容如下:
# vi src/mysql_auth.conf
mysqld_socket /tmp/mysql.sock
# /usr/ccs/bin/make
# /usr/ccs/bin/make install |
创建用户数据库: # cd scripts # mysql -u root -p****** < create_script
测试MYSQL_AUTH
1.添加一个测试用户 # mypasswd llzqq 123456 Password record ADDED succesfully.
2.验证刚才建立的用户 # mysql_auth llzqq 123456 0K
3.删除一个已经建立的用户用这个命令 # mypasswd –d username
三、在SQUID.CONF中增加MYSQL_AUTH认证部分 # vi /etc/squid/squid.conf
添加下面的代码到SQUID.CONF中“TAG: acl”一节的后面
auth_param basic program /usr/bin/mysql_auth
auth_param basic realm LLZQQ’S CACHING SERVER
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow password
authenticate_ip_ttl 2 hours
http_access deny all |
四、客户端设置
在浏览器的代理服务器设置中填写SQUID服务器的IP和端口: 192.168.0.1:3218
在下载软件FLASHGET的代理服务器设置中填写SQUID服务器的IP、端口、用户和密码: 192.168.0.1:3218 user:llzqq passwd:123456
五、注意事项
在进行以上安装前要先安装GCC否则不能编译MYSQL_AUTH,另外在添加用户前需要设置ROOT用户的LD_LIBRARY_PATH变量中有这个路径:/opt/sfw/mysql/lib/mysql
[文章录入员:nancy] |
|
|
|
|