Re: [squid-users] PAM-Module Authentication Problems with Squid 2.4-STABLE7

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 6 Jul 2002 17:41:21 +0200

On Saturday 06 July 2002 15.15, Siegbert Laukas wrote:
> Hi,
> i tried to use the included PAM-Module for authentication with
> my local Shadow Password-File.
>
> I have also tried with the PAM-Module from Henrik Nordström (last
> version).

Should be more or less the same version...

> 2. I have create the squid-file in the /etc/pam.d Directory with
> this contain:
> #%PAM-1.0
> auth required /lib/security/pam_unix.so
> account required /lib/security/pam_unix.so

Not all systems are happy with using pam_unix.so for Shadow
passwords.. depending on the revision you may need to tell pam_unix
that you are using shadow passwords etc..

See also the pam_pwdb.so pam module..

The easiest way to test if you have got the PAM configuration correct
is to run pam_auth from the command line as root...

/usr/local/squid/libexec/squid/pam_auth
user password
another_user another_password
....

The auth helper will respond with OK/ERR after each username password
pair.

Once you have it running fine as root, verify the configuration by
running the helper as the user Squid is configured to use (usually
squid or nobody), or as another unprivileged user.

Note: Usually it is highly recommendable from a security view of
things to use ncsa_auth or another detached authentication system
instead of pam_auth.. in most cases there is no reason why proxy
users should be given UNIX accounts on the proxy server...

Regards
Henrik
Received on Sat Jul 06 2002 - 09:47:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:05 MST