Re: [squid-users] pam_auth and smb pam modules on Solaris

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 7 Jan 2002 04:18:10 +0100

I have not tested the Squid PAM helper (pam_auth) using pam_smb or
pam_winbind, but the helper is pretty basic and should work to most
"standard" username+password databases.

Squid pam_auth only makes use of the following two PAM types/management
groups:

1. auth, to verify the users password
2. account, to verify that the account may be used at this time of day,
hasn't expired etc.

and is providing very little information besides the username+password.

However, the helper is doing some caching of the PAM connection, and
perhaps this is confusing some backends. In case this is your problem I
have made a new version of the helper where such caching can be disabled,
making Squid pam_auth behave more like a normal PAM client (this version
also supports an option for only using the auth management group, ignoring
PAM account management). The new version and it's documentation can be
found from http://devel.squid-cache.org/hno/software.html

Regards
Henrik Nordström
Squid Developer, author of Squid PAM auth.
CTO, MARA Systems AB, Sweden

On Sunday 06 January 2002 08.45, Peter Arnold wrote:
> Hi,
> Has anyone had any luck getting pam_auth to work with either pam_smb or
> pam_winbind? I've managed to get pam_auth to work with the native
> solaris pam_unix module but when I transpose either pam_smb or
> pam_winbind into the config (in place of pam_unix), authentication
> fails.
>
> I know pam_smb works as I can authenticate a login ok and I'm reasonable
> sure pam_winbind is working as when I send a wrong username and password
> , debug shows that it is denied. A right username and password gives no
> such denied message BUT pam_auth still denies it.
>
> Any help appreciated.

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Sun Jan 06 2002 - 20:56:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST