Kristina Mpoyi-Mpoyi wrote:
> >The best method is to use a PAM module that restricts root logins from
> >Squid.
> >
> >But you can also wrap pam_auth in a filter which denies certain
> >usernames from login before asking PAM..
>
> Thank you for your information. Please let me know where I can obtain
> such a PAM module....if it exists. Also, how do I go about wrapping
> pam_auth in a filter?

Almost all PAM enabled systems I have seen have such a PAM module in the
base system, with login configured to use this to not allow root logins
from other than the console...

A simple wrapper is below:

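    #!/usr/bin/perl
    # Filter in front of pam_auth: refuse "root" without asking PAM.
    # pam_auth inherits our STDOUT, so its OK/ERR replies go straight to Squid.
    open(PAM,"|/usr/local/squid/sbin/pam_auth") ||
        die("Failed to start pam_auth");
    # Unbuffer both handles so each request is answered immediately.
    select PAM; $|=1;
    select STDOUT; $|=1;
    # Squid sends one "username password" line per request.
    while(<>) {
        if (/^root /) {
            print "ERR\n";
        } else {
            print PAM $_;
        }
    }
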
--
Henrik Nordstrom
Squid hacker

Received on Wed Mar 28 2001 - 00:44:49 MST
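
A more general form of the wrapper described above, as an added example that is not part of the original post: it refuses a list of account names and any name that resolves to UID 0, and compares the decoded username. The deny list, the `PAM_AUTH` environment override and the %XX escaping of helper input are assumptions of this example (the escaping applies to later Squid releases).

```perl
#!/usr/bin/perl
# Added example (not from the original post): deny-list filter in front of
# a Squid basic-auth helper. Protocol assumed: one "username password" line
# per request, answered by exactly one "OK" or "ERR" line.
use strict;
use warnings;
use IO::Handle;

# Helper path as given in the post; PAM_AUTH override is hypothetical.
my $helper = $ENV{PAM_AUTH} || '/usr/local/squid/sbin/pam_auth';
# Constructed sample deny list; adjust to the local system accounts.
my %denied = map { $_ => 1 } qw(root toor daemon bin);

# Undo %XX escaping so the comparison is made on the decoded name.
sub unescape {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# True when the request line must be refused without asking PAM.
sub refuse {
    my ($line) = @_;
    my ($user) = split / /, $line, 2;
    return 1 unless defined $user && length $user;   # malformed request
    $user = unescape($user);
    return 1 if $denied{$user};
    my $uid = (getpwnam($user))[2];
    return 1 if defined $uid && $uid == 0;           # any alias of UID 0
    return 0;
}

sub main {
    # The helper inherits our STDOUT, so its replies reach Squid directly.
    open(my $pam, '|-', $helper) or die "Failed to start $helper: $!";
    $pam->autoflush(1);
    STDOUT->autoflush(1);
    while (my $line = <STDIN>) {
        chomp $line;
        if (refuse($line)) { print "ERR\n" }
        else               { print {$pam} "$line\n" }
    }
    close($pam);
}

main() unless caller;
```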