Re: Password auth / shadow passwd file...

From: Henrik Nordstrom <[email protected]>
Date: Tue, 25 May 1999 17:32:05 +0000

Lennart Hansen wrote:
>
> Greetings..
>
> I was woundering if anyone had any idea who i could use the squid auth program so that it reads
> the newest /etc/shadow file, whitout running squid as root, or make the shadow file readable to other
> users ??

The purpose of shadow passwords is to restrict availability of password
information to root only. If you have a shadow passwd system, then you
either have to run the authenticator as root (preferably using
getspnam() or PAM to read the shadow file), or you have to export the
shadowed password information to a file readable by Squid.

The ncsa_auth authenticator rereads the specified password file if it
changes.

Suitable commands to export /etc/shadow to Squid:

Preparation:

touch /usr/local/squid/etc/passwd
chown squid /usr/local/squid/etc/passwd
chmod 600 /usr/local/squid/etc/passwd
cp /etc/shadow /usr/local/squid/etc/passwd

root crontab, once / hour or any other suitable interval:

#!/bin/sh
if [ /etc/shadow -nt /usr/local/squid/etc/passwd]; then
  cp /etc/shadow /usr/local/squid/etc/passwd
fi

--
Henrik Nordstrom
Spare time Squid hacker
Received on Tue May 25 1999 - 11:30:22 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:25 MST