Re: polygraph-pgl2acl doesn't recognize credentials

Hohl, Gerrit g.hohl at aurenz.de
Thu Dec 1 08:24:37 UTC 2011


Hello Alex,

thanks for the fast reply. :-)

I'm a little bit confused as there is no ACL property in the robot type:
http://www.web-polygraph.org/docs/reference/pgl/types.html#type:docs/reference/pgl/types/Robot
By the way: There is also no credentials property or even a credentials(int, String) call in the documentation. ;-)

Hm, I guess in this case it is easier for me to write a little program that creates a file which I can include in the proxy. That program will create another pgl file which I can include in the test case and use the array in the robot.
In the case of using squid with ncsa_auth it would mean that it would produce a file (in this example "cred.store") in htpasswd style (by calling the htpasswd command):

bob:$apr1$fE4.....$qjlBH02N80pZieEvIeQ73/
mary:$apr1$BG4.....$KnQqqBZXre.VyVOfaAls20
duane:$apr1$/H4.....$uZSzXgJYuLLf/JKVkPOOM0

Then I will modify the /etc/squid.conf and add / modify the following lines:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/cred.store
auth_param basic children 5
acl authuser proxy_auth REQUIRED
#http_access allow localnet
#http_access allow localhost
http_access allow authuser

The pg file (in this case "include/cred.pg") would look like that:

string[] cred = [ "bob:secret", "mary:letMeIn", "duane:p$987<4" ];

In the include/polymix-4-guts.pg I will add:

#include "cred.pg"

and modify the robot by adding the following lines:

auth_error = 0.1%;
credentials = cred;

That should work, shouldn't it?

Regards
Gerrit





-----Original Message-----
From: Alex Rousskov [mailto:rousskov at measurement-factory.com] 
Sent: Wednesday, 30 November 2011 17:25
To: Hohl, Gerrit
Cc: users at web-polygraph.org
Subject: Re: polygraph-pgl2acl doesn't recognize credentials

On 11/30/2011 07:36 AM, Hohl, Gerrit wrote:

> my project manager introduced web-polygraph to me. We want to test our 
> own proxy with it.

Hello Gerrit,

    Welcome to the list.

> I'm trying to include authentication into the test. I added the 
> following line in the robot:
> 
> credentials = credentials(count(addresses), "authmix");
> 
> and started polygraph-pgl2acl. But it only shows that it couldn't find 
> any authentication rules:
> 
> polygraph-pgl2acl: parsing...
> polygraph-pgl2acl: collecting rules...
> polygraph-pgl2acl: pruning 0 rules ...
> polygraph-pgl2acl: sorting 0 rules ...
> polygraph-pgl2acl: symplifying...
> polygraph-pgl2acl: printing 0 rules ...
> 
> Normally there should be around 125 IP addresses for the robots. So 
> shouldn't there be also 125 credentials? Why doesn't it find anything? 
> I don't know what I did wrong. Maybe one of you can help me find my 
> mistake.

The pgl2acl tool produces Access Control Lists (ACLs) from Robot.acl fields and is not directly related to Robot IP addresses or Robot credentials. I suspect your PGL Robots had no acl rules so the tool produced nothing. You probably do not need those rules if all you are interested in is authentication.

What you probably want is the polygraph-pgl2ldif tool. See
http://www.web-polygraph.org/docs/userman/auth.html#Sect:3.2
and search for "human-friendly" to find a non-LDIF example that may be useful for generating rules to configure your proxy.


HTH,

Alex.
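
The generator program described in the reply at the top of this message, sketched as an added example (not code from either poster or from Web Polygraph): it builds the htpasswd-style store for ncsa_auth and the matching cred.pg array from one credential list so the two cannot drift apart. Assumptions: the function names are hypothetical, hashing is delegated to Apache's htpasswd 2.4 or later (for the -i option), and since the thread does not show PGL's string escaping rules, characters that could break the quoted string are rejected rather than escaped.

```python
import os
import subprocess

def htpasswd_line(user, password):
    """Return 'user:hash' from Apache htpasswd.
    -n prints to stdout, -i reads the password from stdin (keeps it out
    of the process list), -m selects the $apr1$ MD5 format."""
    result = subprocess.run(["htpasswd", "-n", "-i", "-m", user],
                            input=password + "\n", capture_output=True,
                            text=True, check=True)
    return result.stdout.strip()

def check(user, password):
    # ':' separates user and password in both the store and the PGL string.
    if not user or ":" in user:
        raise ValueError("bad user name: %r" % user)
    # Assumption: PGL escaping is unknown here, so refuse risky characters.
    if set('"\\\r\n') & set(user + password):
        raise ValueError("unsupported character in credentials for %r" % user)

def build_files(creds, hasher=htpasswd_line):
    """Return (cred.store text, cred.pg text) for a list of (user, password)."""
    store, entries, seen = [], [], set()
    for user, password in creds:
        check(user, password)
        if user in seen:
            raise ValueError("duplicate user: %r" % user)
        seen.add(user)
        line = hasher(user, password)
        if line.split(":", 1)[0] != user:
            raise ValueError("hasher returned a line for another user")
        store.append(line)
        entries.append('"%s:%s"' % (user, password))
    pgl = "string[] cred = [ %s ];\n" % ", ".join(entries)
    return "\n".join(store) + "\n", pgl

def write_private(path, text):
    # Both files hold secrets (hashes or clear-text passwords): owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)

if __name__ == "__main__":
    # Constructed sample input, taken from the credentials in the message.
    sample = [("bob", "secret"), ("mary", "letMeIn"), ("duane", "p$987<4")]
    store_text, pgl_text = build_files(sample)
    write_private("cred.store", store_text)
    write_private("cred.pg", pgl_text)
```

If Squid runs under a different account than the one that generated cred.store, the file's owner or group has to be adjusted so the ncsa_auth helper can still read it.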


