Re: [squid-users] PAM configuration

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 01 Dec 2001 16:57:01 +0100

Henrik Nordstrom wrote:

> Note: If your system is using shadow passwords (RedHat 7.2 does by
> default) then only processes running as root will be able to verify
> passwords. This means that in such configurations Squid pam_auth needs
> to be set user id root.

Right, I should also say that it is not recommended to use system
accounts for proxy authentication unless there are other reasons than
the proxy that your users needs to have an account on that system.

Generally, system accounts should be limited to those who actually need
to log in to the server itself.

The main goal of Squid pam_auth is not to authenticate agains
/etc/shadow, it is to allow authentication against any of the password
databases known to PAM. This includes UNIX passwords, UNIX shadow
passwords, NIS, Radius, NDS, LDAP, Kerberos, and countless of other
methods. The authentication PAM backens used by Squid pam_auth does not
need to be the same as is used for interactive logins to the server
itself.

Regards
Henrik Nordström
Squid Hacker
Received on Sat Dec 01 2001 - 08:55:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:08 MST