At 11:58 01/03/26 +0200, you wrote:
>Have you installed pam_auth SUID root? To access /etc/shadow it must be
>running as root..
Thank you for your prompt reply. I did
chmod root:root pam_auth and it worked!!!
I have another question.
Now that I have authentication via pam working, I don't want the superusername
and password in /etc/shadow used for proxy authentication.
How can I restrict access so that "root" cannot
be used for proxy authentication.
Is using the ACL list with an IDENT server the only way?
Is using the IDENT server a good idea? I really do not want
to install an additional server just for this.
Thank you,
Kristina
>--
>Henrik Nordstrom
>Squid hacker
>
>
>Kristina Mpoyi-Mpoyi wrote:
> >
> > Hello.
> > I am trying to get squid to authenticate with
> > /etc/shadow via pam.
> >
> > I have squid-2.3.STABLE4.tar.gz installed on
> > Solaris 7 sparc. I completed the steps below.
> > When I manually execute pam_auth my username
> > and password gets authenticated correctly against
> > /etc/shadow. However, when I try to authenticate
> > through squid, authentication fails.
> >
> > Any hints would be greatly appreciated,
> >
> > Kristina
> >
> > --------------------------------------------
> > (1) Edit squid.conf
> > % vi /usr/local/squid/etc/squid.conf
> > authenticate_program /usr/local/squid/bin/pam_auth
> >
> > (2) Edit /etc/pam.conf
> > squid auth required /usr/lib/security/pam_unix.so.1 shadow nullok
> > squid account required /usr/lib/security/pam_unix.so.1
> >
> > (3) Change permissions of pam_auth
> > % suid /usr/local/squid/bin/pam_auth
> > % chmod 7755 /usr/local/squid/bin/pam_auth
> > % ls -l /usr/local/squid/bin/pam_auth
> > -rwsr-sr-t 1 nobody nogroup pam_auth
> >
> > (4) Test to see if pam_auth works
> > % /usr/local/squid/bin/pam_auth
> > username password
> > OK
> > ------------------------------------------
Received on Mon Mar 26 2001 - 19:15:51 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:59 MST