Re: [squid-users] PAM authentication problem

From: Jatin Nansi <[email protected]>
Date: Thu, 6 Dec 2001 10:28:02 +0530

Henrik

thanks for the reply. But i have followed these instructions
from pam_auth.c. u see i am installing this on a redhat7.2 box
so it also has shadow passwds.
which means that the binary has to be set to 4755. i have done
that. still, the puser of the pam_auth is squid and not root.

i am facing another problem, in which pam_auth only authenticates
the first user. if i try the second time it allways returns ERR.
the same username and passwd will work if i exit pam_auth and
restart it.

if you need the pam config for squid it is:
---------------------------------------------------
#%PAM-1.0
#Filename: squid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
---------------------------------------------------

i also request that if any 1 is running rh7.2, and squid to verify this.
rh7.2 has pam_auth installed in /usr/lib/squid. it comes with the squid
rpm. you only need to configure pam with the above settings. it shld
work out of the box.

Jatin

On 2001.12.05 20:00 Henrik Nordstrom wrote:
> The Squid pam_auth installation instructions:
>
> * Install instructions:
> *
> * This program authenticates users against a PAM configured
> authentication
> * service "squid". This allows you to authenticate Squid users to any
> * authentication source for which you have a PAM module. Commonly
> available
> * PAM modules includes "UNIX", RADIUS, Kerberos and SMB, but a lot of
> other
> * PAM modules are available from various sources.
> *
> * Example PAM configuration for standard UNIX passwd authentication:
> * /etc/pam.conf:
> * squid auth required /lib/security/pam_unix.so.1
> * squid account required /lib/security/pam_unix.so.1
> *
> * Note that some PAM modules (for example shadow password
> authentication)
> * requires the program to be installed suid root, or PAM will not allow
> * it to authenticate other users than it runs as (this is a security
> * limitation of PAM to avoid automated probing of passwords).
>
> Regards
> Henrik Nordstr�m
>
>
>
> On Wednesday 05 December 2001 14.23, Jatin Nansi wrote:
> > Hi,
> >
> > I am trying to authenticate my users against PAM.
> > i am using pam_auth that comes with squid itself (no modifications).
> >
> > the problem is that pam_auth returns ERR all the time when run by
> > squid. i have marked it mode 4755. when i run it as root / other
> > interactive users, i dont have problems.
> >
> > I have checked this by ps axu.
> > when it is run by squid, the user is squid. whereis when run by any
> other
> > user / root the uid for pam_auth is root.
> >
> > i really dont understand this. where am i going wrong??
> >
> > Jatin
>
> --
> MARA Systems AB
> Giving you basic free Squid support
> Priority support or Squid enhancements available on request
>
>
Received on Wed Dec 05 2001 - 21:57:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:14 MST