Re: [squid-users] pam_auth Configuration

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 04 May 2002 00:33:35 +0200

Robert Adkins wrote:
> I am having an issue with setting up pam_auth for squid. I have scoured
> the web for information regarding how to configure PAM and Squid and have
> come up with little. Has anyone noticed how little PAM documentation
> exists?

There exists plenty of PAM documentation. Not much specific to Squid,
but mostly because there is not much to say that is specific to Squid.
Squid pam_auth is simply yet another PAM enabled application, just as
your system login prompt, or your favorite
FTP/telnet/ssh/pop3/imap/whatever deamon.

About the only Squid specific documentation for PAM that is needed is
the line

    The PAM service name for Squid is "squid".

The rest is covered by the PAM documentation.

Documentation included in linux-pam:

  * 58 pages administrators guide
  * 22 pages application developers guide
  * 19 pages PAM module writers guide.
  * almost full set of adminstator man pages
  * almost full set of developer man pages

> Anyway, I have seen a site or two that mention adding a line or two to a
> pam.conf, which is nice, but the lines are either not shown or simply say
> something like the following;
>
> "Once you have those lines added, SUID the pam_auth module and you are
> ready to work."

This is because it is close to impossible to say what these lines should
look like without knowing the details of how your system is configured.
PAM exists because of the diversity of different authentication schemes
used in UNIX and the networks UNIX wants to connect and coexists with.

In the small collection of Linux boxes I use personally (4) there is at
least 3 very different PAM configurations where at least 2 of them is
incompatible (I cannot take the settings from one of the systems and use
them on the other). If looking at the non-Linux systems I have been
using in the past then there is several other alternatives, again
different.

> I would like to have a spot more information then that. Does anyone have
> any clear information on setting up squid to use PAM authentication?

Take a few minutes to read the introduction in PAM administrators guide
(only one or two pages), and most of PAM will be a lot easier to grasp.

The quick answer to your question: Duplicate the settings of another PAM
service in your system configured for the authentication backends you
want to use and you should be set. The PAM service definitions is almost
always found in /etc/pam.d/<servicename>, or else in /etc/pam.conf.

Regards
Henrik
Received on Fri May 03 2002 - 16:33:51 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:54 MST