[squid-users] Using PAM-Authentication with squid

From: Stefan Peters <[email protected]>
Date: Mon, 21 Mar 2005 13:55:11 +0100

Hello Mailing-List,

we want to use pam-authentication (with pam_mysql.o) for the
squid-users. But the users can't log in successfully :(

We are using squid-2.5.STABLE9 (under Debian Sarge with the debs
libmysqlclient14/mysql-client-4.1/libmysqlclient14-dev) and configured
it the following way:

# *** configure
./configure --sysconfdir=/etc/squid --localstatedir=/var/squid \
  --enable-gnuregex --enable-xmalloc-statistics --with-pthreads -with-dl \
  --enable-icmp --enable-useragent-log --enable-referer-log --enable-snmp \
  --enable-arp-acl --enable-htcp --enable-ssl --with-openssl \
  --enable-forw-via-db --enable-cache-digests \
  --enable-default-err-language=German --enable-err-languages=German \
  --enable-linux-netfilter --enable-auth=basic \
  --enable-basic-auth-helpers=PAM --enable-async-io --quiet
# /***

We got no errors when configuring, compiling or installing the proxy.

This is our PAM-Config:

# *** /etc/pam.d/squid
# PAM
auth sufficient /lib/security/pam_mysql.so user=proxy passwd=foobar \
  host=mysqlserver db=xnet table=xnet_user usercolumn=username \
  passwdcolumn=password where=b_proxy=1 crypt=2
account required /lib/security/pam_mysql.so user=proxy passwd=foobar \
  host=mysqlserver db=xnet table=xnet_user usercolumn=username \
  passwdcolumn=password where=b_proxy=1 crypt=2
# /***

The parameters concerning the authentication process in squid.conf:

# *** /etc/squid/squid.conf
auth_param basic children 5
auth_param basic realm Internet-Zugang
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
auth_param basic program /usr/local/squid/libexec/pam_auth
# /***

When we test the db-connection manually, everything works perfectly.
Other services using pam_mysql (proftpd, postfix) also work without
problems. Here is what the syslog says:

# *** syslog:
Mar 21 14:30:46 localhost (pam_auth): pam_sm_authenticate called.
Mar 21 14:30:46 localhost (pam_auth): dbuser changed.
Mar 21 14:30:46 localhost (pam_auth): dbpasswd changed.
Mar 21 14:30:46 localhost (pam_auth): host changed.
Mar 21 14:30:46 localhost (pam_auth): database changed.
Mar 21 14:30:46 localhost (pam_auth): table changed.
Mar 21 14:30:46 localhost (pam_auth): usercolumn changed.
Mar 21 14:30:46 localhost (pam_auth): passwdcolumn changed.
Mar 21 14:30:46 localhost (pam_auth): where changed.
Mar 21 14:30:46 localhost (pam_auth): crypt changed.
Mar 21 14:30:46 localhost (pam_auth): db_connect called.
Mar 21 14:30:46 localhost (pam_auth): returning 0 .
Mar 21 14:30:46 localhost (pam_auth): db_checkpasswd called.
Mar 21 14:30:46 localhost (pam_auth): pam_mysql: where clause = b_proxy=1
Mar 21 14:30:46 localhost (pam_auth): SELECT password FROM xnet_user WHERE username='footheuser' AND (b_proxy=1)
Mar 21 14:30:46 localhost (pam_auth): returning 7 .
Mar 21 14:30:46 localhost (pam_auth): returning 7 after db_checkpasswd.
# /***

Hope you can help us.

Thanks in advance
Stefan Peters
Received on Mon Mar 21 2005 - 05:54:53 MST
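
A triage sketch for the pam_mysql debug trace in the message above, added as an example and not part of the original post: it rejoins syslog lines that were wrapped in transit, pairs each "... called." entry with the "returning N" that follows it, and reports the first stage with a non-zero result. It assumes the logged numbers are Linux-PAM return codes; `PAM_CODES`, `unwrap` and `triage` are names chosen here.

```python
import re

# Linux-PAM return codes (values from _pam_types.h); assumed to be what pam_mysql logs.
PAM_CODES = {0: "PAM_SUCCESS", 4: "PAM_SYSTEM_ERR", 6: "PAM_PERM_DENIED",
             7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL", 10: "PAM_USER_UNKNOWN"}

# Excerpt of the trace from the post ("... changed." lines omitted), two entries wrapped.
SAMPLE = """\
Mar 21 14:30:46 localhost (pam_auth): pam_sm_authenticate called.
Mar 21 14:30:46 localhost (pam_auth): db_connect called.
Mar 21 14:30:46 localhost (pam_auth): returning 0 .
Mar 21 14:30:46 localhost (pam_auth): db_checkpasswd called.
Mar 21 14:30:46 localhost (pam_auth): pam_mysql: where clause =
b_proxy=1
Mar 21 14:30:46 localhost (pam_auth): SELECT password FROM xnet_user
WHERE username='footheuser' AND (b_proxy=1)
Mar 21 14:30:46 localhost (pam_auth): returning 7 .
Mar 21 14:30:46 localhost (pam_auth): returning 7 after db_checkpasswd.
"""

PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ \(pam_auth\): (.*)$")

def unwrap(text):
    """Return message bodies, appending prefix-less continuation lines to the previous one."""
    msgs = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            msgs.append(m.group(1))
        elif msgs and line.strip():
            msgs[-1] += " " + line.strip()
    return msgs

def triage(text):
    """Pair each '<function> called.' with the next 'returning N .' and find the first failure."""
    stages, current, query = [], None, None
    for msg in unwrap(text):
        if (m := re.fullmatch(r"(\w+) called\.", msg)):
            current = m.group(1)
        elif (m := re.match(r"returning (\d+) \.$", msg)) and current:
            code = int(m.group(1))
            stages.append((current, code, PAM_CODES.get(code, "unknown")))
            current = None
        elif msg.startswith("SELECT "):
            query = msg
    failed = next((s for s in stages if s[1] != 0), None)
    return {"stages": stages, "failed": failed, "query": query}
```

On this trace `db_connect` returns 0 and the first non-zero result is `db_checkpasswd` with 7 (`PAM_AUTH_ERR`), so the failure is reported by the password check step after a successful connect.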
