Re: [squid-users] PAM Authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 31 May 2003 09:29:31 +0200

On Saturday 31 May 2003 07.11, Mohammad Shakir wrote:
> Dear,
>
> in squid.conf I have set "cache_effective_user squid" and here is
> my files permissions

> -rwxr-xr-x 1 root root 5148 Mar 23 2002 pam_auth

This is not installed correctly. See my previous reply:

>> Make sure the pam_auth helper is installed correctly and that the
>> squid PAM service is configured correctly. pam_auth needs to be
>> installed set-user-id root to be allowed to verify the passwords of
>> other users than the user Squid runs as (cache_effective_user).

> one more thing at command prompt from root when I run pam_auth
> shakir shakir, its do nothing, so by del key I terminate this
> process. and in my browser in username password window when I enter
> password its show authtication fail.

This is not the tests I asked you to run. See my previous reply:

>> To verify the squid PAM service configuration run pam_auth from the
>> command line as root, and then type a
>> username password
>>
>> If the above works then verify that pam_auth is installed correctly
>> by running it as the cache_effective_user (use the su command to
>> change user).

To clarify

Run /usr/lib/squid/pam_auth from the command line. Then give lines
consisting of username <space> password <enter> as input to the
program while it is running. If it works the program will respond
with OK/ERR, once per line of input.

Regards
Henrik

> Henrik Nordstrom <hno@squid-cache.org> wrote:
>
> On Friday 30 May 2003 14.49, Mohammad Shakir wrote:
> > authenticate_program /usr/lib/squid/pam_auth
> > acl mypassword proxy_auth shakir
> > http_acess allow mypassword
> >
> > when I use proxy then user name and password window is
> > also appear but its not verify my password from
> > /etc/shadow file, I have also create a user shakir by
> > adduser command.
>
> Make sure the pam_auth helper is installed correctly and that the
> squid PAM service is configured correctly. pam_auth needs to be
> installed set-user-id root to be allowed to verify the passwords of
> other users than the user Squid runs as (cache_effective_user).
>
> To verify the squid PAM service configuration run pam_auth from the
> command line as root, and then type a
> username password
>
> If the above works then verify that pam_auth is installed correctly
> by running it as the cache_effective_user (use the su command to
> change user).
>
> > some of friends advise me to recomplie squid source
> > with externel authentication but I do not know how to
> > recomplie and after recompling this problem will slove
> > ?
>
> No. There is no such recompile needed.
>
> A standard compile of Squid includes basic authentication, and if
> you have the pam_auth helper available then you have all components
> needed.
>
> Only if you want to use other authentication schemes than basic
> authentication such as NTLM or Digest authentication then a
> recompile of Squid is needed. However, neither NTLM or Digest
> authentication can use your /etc/shadow file as user database..
> (not mathematically possible).
>
> Regards
> Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Sat May 31 2003 - 01:44:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:08 MST