[squid-users] Pam authentication /etc/shadow

From: Carlos Hernandez <c_hdez_8set@dont-contact.us>
Date: Mon, 31 Jan 2005 17:03:12 -0600 (CST)

Hello!

I am new to squid and I am having a little trouble
authenticating users against /etc/shadow. I am using
FC3, squid-2.5.STABLE6-3 and pam-0.77-66.2. I am
trying to use pam_auth (squid's tool) to authenticate
users against /etc/shadow, but it doesn't work. Here
is a little about my configuration files. (And I have
already setuid pam_auth)

from /etc/squid/squid.conf

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl password proxy_auth REQUIRED

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow password
http_access allow localhost
http_access deny all

---------------------

from /etc/pam.d/squid

auth required /lib/security/pam_unix.so shadow nullok
account required /lib/security/pam_unix.so
-------------------------------------
from /var/log/messages

Jan 31 17:01:43 gaara kernel: audit(1107190903.207:0):
avc: denied { search } for pid=5217
exe=/usr/lib/squid/pam_auth name=selinux dev=hdc6
ino=849817 scontext=root:system_r:squid_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 31 17:01:43 gaara kernel: audit(1107190903.210:0):
avc: denied { read } for pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara last message repeated 5 times
Jan 31 17:01:43 gaara kernel: audit(1107190903.211:0):
avc: denied { read } for pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.211:0):
avc: denied { read } for pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.216:0):
avc: denied { search } for pid=5249
exe=/sbin/unix_chkpwd name=selinux dev=hdc6 ino=849817
scontext=root:system_r:squid_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 31 17:01:43 gaara kernel: audit(1107190903.270:0):
avc: denied { read } for pid=5249
exe=/sbin/unix_chkpwd name=shadow dev=hdc6 ino=798774
scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.270:0):
avc: denied { read } for pid=5249
exe=/sbin/unix_chkpwd name=shadow dev=hdc6 ino=798774
scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara unix_chkpwd[5249]: check pass;
user unknown
Jan 31 17:01:43 gaara squid(pam_unix)[5217]:
authentication failure; logname= uid=23 euid=0 tty=
ruser= rhost= user=carlos

Is squid running under its own UID, or is it using
root's UID?

Thanks!

Carlos

Received on Mon Jan 31 2005 - 16:03:19 MST
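
Added example, not part of the message above and not squid's own code: a small Python parser that rejoins the hard-wrapped syslog records quoted in the message and counts the SELinux AVC denials by source type, executable, permission, target type and object class. The function names are hypothetical; the sample records are copied from the log excerpt in the message.

```python
import re
from collections import Counter
# Records copied from the message above, hard line wraps left as mailed.
SAMPLE = """\
Jan 31 17:01:43 gaara kernel: audit(1107190903.207:0):
avc: denied { search } for pid=5217
exe=/usr/lib/squid/pam_auth name=selinux dev=hdc6
ino=849817 scontext=root:system_r:squid_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 31 17:01:43 gaara kernel: audit(1107190903.210:0):
avc: denied { read } for pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara last message repeated 5 times
Jan 31 17:01:43 gaara kernel: audit(1107190903.270:0):
avc: denied { read } for pid=5249
exe=/sbin/unix_chkpwd name=shadow dev=hdc6 ino=798774
scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
AVC = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}")
REPEAT = re.compile(r"last message repeated (\d+) times")

def unwrap(text):
    """Rejoin wrapped records: a new record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append("")
        records[-1] = (records[-1] + " " + line.strip()).strip()
    return records

def summarize(text):
    """Count denials per (source type, exe, permission, target type, class)."""
    counts, last = Counter(), []
    for rec in unwrap(text):
        avc, rep = AVC.search(rec), REPEAT.search(rec)
        if avc:
            f = dict(re.findall(r"(\w+)=(\S+)", rec))
            src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
            last = [(src, f["exe"], p, tgt, f["tclass"]) for p in avc["perms"].split()]
            counts.update(last)
        else:
            if rep:  # syslogd collapsed identical copies of the previous record
                counts.update(last * int(rep.group(1)))
            last = []
    return counts
```

Calling `summarize(SAMPLE).most_common()` lists the denied accesses with the most frequent first, which shows at a glance which process domain was refused which permission on which file type.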
