Re: Authentication using standard /etc/passwd file

From: Clifton Royston
Date: Fri, 15 Oct 1999 09:11:49 -1000

On Fri, Oct 15, 1999 at 08:02:29AM +0100, Jason Thompson wrote:
> I am in the process of setting up a squid cache at a school where I work. We
> need to have passwords protecting Internet access. Our first idea is to
> create all the users on the cache box using the standard add user program.
> Then use squid to check that when authenticating people.
> Is this possible, and is it a good idea to do this?

It's very possible, but not recommended.

> Users do not log in to the machine, so the passwd file will not be used for
> anything else. Apart from the obvious root access.

The problem is (1) root access - you're making it simpler to do the
obvious brute-force attacks on the root password - and (2) the
possibility that someone *will* find an unexpected way to log into the
machine once they're in the password file. (If not for shell access,
then for FTP, or some other later-added service which defaults to
determining users from the password file.)

> We need to be able to add users, change user passwords, and delete users.
> Via the command line.

Instead, I recommend you look at the htpasswd program. That should do
exactly what you want. From man:

       htpasswd [ -c ] passwdfile username

       htpasswd is used to create and update the flat-files used
       to store usernames and password for basic authentication
       of HTTP users. Resources available from the httpd Apache
       web server can be restricted to just the users listed in
       the files created by htpasswd. This program can only be
       used when the usernames are stored in a flat-file. To use
       a DBM database see dbmmanage.

  -- Clifton

 Clifton Royston  --  LavaNet Systems Architect --
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Fri Oct 15 1999 - 13:20:28 MDT
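
An added example, not part of the original message and not code from Squid or Apache: a Python check that the proxy's htpasswd-style flat file stays separate from /etc/passwd, reporting every proxy username that also exists as a system account. The file contents, account names, the shell list and the `audit` function are constructed for illustration.

```python
# Shells that refuse interactive logins (assumed list; adjust per system).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_colon_file(text):
    """Return {username: remaining fields} for 'name:field:...' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, *rest = line.split(":")
        entries[name] = rest
    return entries

def audit(passwd_text, proxy_text):
    """List (username, reason) for proxy users that are also system accounts."""
    system = parse_colon_file(passwd_text)
    proxy = parse_colon_file(proxy_text)
    findings = []
    for name in sorted(proxy):
        if name not in system:
            continue  # proxy-only user: the separation the message recommends
        fields = system[name]  # passwd, uid, gid, gecos, home, shell
        uid = fields[1] if len(fields) > 1 else "?"
        shell = fields[5] if len(fields) > 5 else ""
        if uid == "0":
            findings.append((name, "uid 0 account name appears in the proxy file"))
        elif shell not in NOLOGIN_SHELLS:
            findings.append((name, "also a system account with shell " + (shell or "(default)")))
        else:
            findings.append((name, "name shared with a non-login system account"))
    return findings

# Constructed sample data: not real accounts, not real password hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jsmith:x:1001:1001:J Smith:/home/jsmith:/bin/sh
"""
SAMPLE_PROXY = """\
root:$apr1$CONSTRUCTED$placeholder
jsmith:$apr1$CONSTRUCTED$placeholder
pupil01:$apr1$CONSTRUCTED$placeholder
daemon:$apr1$CONSTRUCTED$placeholder
"""

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_PASSWD, SAMPLE_PROXY):
        print(user + ": " + reason)
```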

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:55 MST