Re: [squid-users] pam_smb authentication

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Mon, 18 Feb 2002 23:25:05 +0100

You SHOULD NOT give too wide permissions to Squid pam_auth or pam
files in general (or in fact any configuration file). Doing so is a
quite large security risk.

Can you use the Squid pam_auth helper from the command line and
successfuly authenticate users?

Regards
Henrik

On Monday 18 February 2002 18.30, Matt Brander wrote:
> Hello.....
>
> The scenario:
>
> Mandrake 7.2
> Squid2.4
> pam_smb_auth 1.1.6?
> NT4 PDC
>
> I am attempting to restrict access to my squid proxy using NT
> domain logins.
>
>
> The current situation:
>
> I currently have pam_smb authentication working against my NT PDC,
> but only from the CLI whilst logged in as root. If I setup squid to
> use the pam_auth executable for authentication, it prompts for an
> NT domain user and password as expected but even a correct login
> fails. Squid obviously then denies access.
>
> Do you have any suggestions on why this is not working? Or perhaps
> where I can look to find out more about the point at which it is
> failing?
>
> I thought it may be a permissions problem but I chmod 777 on all
> the pam_auth files (/etc/pam_smb.conf, /usr/sbin/pam_auth,
> /lib/security/pam_smb_auth.so) and it made no difference.
>
> Any light you can shed on the problem would be very much
> appreciated.
>
> Regards
>
> Matt Brander

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Mon Feb 18 2002 - 15:44:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:25 MST