No such luck. Here is what I have so far...
After installing pam-devel I was able to configure and make squid to
use PAM. I also yum updated everything to make sure I wasn't missing
anything, and that nothing I had was outdated.
I set the auth_param program to use the pam_auth.
I chown'd it to root, as suggested in the man page for pam_auth
I created the squid config file in pam.d
I restarted the squid service
authconfig shows USESHADOW=yes
As far as I can tell I have everything installed and configured
correctly, yet I cannot authenticate to squid from a browser set to
use this machine as a proxy. And I can clearly see the denials in
messages as well as in the squid logs, such as...
Jun 23 16:47:38 stormcrow squid(pam_unix)[2680]: authentication
failure; logname= uid=23 euid=23 tty= ruser= rhost= user=joe
So it sees the user, but it is not taking the password for some
reason. Can anyone point me in the right direction on this?
Robert Denton
Network Administrator
Headsprout
800.401.5062 x1305
www.headsprout.com
On Jun 23, 2006, at 3:58 PM, Robert Denton wrote:
> Terrific, I am making progress on this. The absense of the
> pam.conf file in /etc is irrelevant since, according to the man
> page for pam, the mere existence of the pam.d dir will cause pam to
> completely ignore pam.conf. I have such a dir. However inside there
> is NO squid file. My plan is to make one by doing this:
>
> cp samba squid
>
> since the samba file looks pretty simple and somewhat
> representative of the config files inside pam.d. Whatsmore, there
> is nothing inside samba that seems specific to samba, likewise with
> similar pam.d config files such as sudo, etc. Also, the follow
> example I found on the web is mostly the same but doesn't exactly
> match my system:
>
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so
> service=system-auth
> password required /lib/security/pam_stack.so
> service=system-auth
> session required /lib/security/pam_stack.so
> service=system-auth
>
> Does anyone see any problems with this? I will try it and report
> back the results.
>
>
> Robert
>
> On Jun 23, 2006, at 2:19 PM, Robert Denton wrote:
>
>> This note may have been a bit premature. I installed pam-devel
>> and the make output is different, although the /etc/squid/libexec
>> directory I was expecting to appear is still not there. A
>>
>> find -name *pam_auth* reveals there is such a file here:
>>
>> ./usr/lib/squid/pam_auth
>>
>> which I suppose will work, but there is also no pam.conf file
>> anywhere to be found. I am running red hat 9. Shouldn't there be
>> a pam.conf file somewhere?
>
Received on Fri Jun 23 2006 - 14:52:56 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:02 MDT