Re: [squid-users] SQUID authentication via PAM

From: Henrik Nordstrom <>
Date: Wed, 28 Mar 2001 09:23:47 +0200

Kristina Mpoyi-Mpoyi wrote:

> >The best method is to use a PAM module that restricts root logins from
> >Squid.
> >
> >But you can also wrap pam_auth in a filter which denies certain
> >usernames from login before asking PAM..
> Thank you for your information. Please let me know where I can obtain
> such a PAM module....if it exists. Also, how do I go about wrapping
> pam_auth in a filter?

Almost all PAM enabled systems I have said has such a PAM module in the
base system, with login configured to use this to not allow root logins
from other than the console...

A simple wrapper is below:

open(PAM,"|/usr/local/squid/sbin/pam_auth") ||
        die("Failed to start pam_auth");
select PAM; $|=1;
select STDOUT; $|=1;
while(<>) {
  if (/^root /) {
    print "ERR\n";
  } else {
    print PAM $_;

Henrik Nordstrom
Squid hacker
Received on Wed Mar 28 2001 - 00:44:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:00 MST