If you are authenticating to /etc/shadow (which it seems you are), then
pam_auth MUST be installed SUID root.
chown root /usr/local/squid/bin/pam_auth
chgrp squid /usr/local/squid/bin/pam_auth
chmod 710 /usr/local/squid/bin/pam_auth
chmod u+s /usr/local/squid/bin/pam_auth
Note however that it is often wiser to maintain the proxy accounts in a
separate password file, and use the ncsa_auth helper. There is no reason
why proxy users should have an account on the actual proxy machine, only
the proxy service.
Regars
Henrik Nordström
Squid Hacker
Jack wrote:
> In /etc/pam.d/squid
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> auth required /lib/security/pam_pwd.so shadow nullok
> account required /lib/security/pam_pwdb.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
>
> but it does not accept any user name and passwd and it deny for all users.
>
> Where i done worng?
Received on Wed Oct 24 2001 - 17:25:04 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:06 MST