This note may have been a bit premature. I installed pam-devel and
the make output is different, although the /etc/squid/libexec
directory I was expecting to appear is still not there. A
find -name *pam_auth* reveals there is such a file here:
./usr/lib/squid/pam_auth
which I suppose will work, but there is also no pam.conf file
anywhere to be found. I am running red hat 9. Shouldn't there be a
pam.conf file somewhere?
Robert Denton
Network Administrator
Headsprout
800.401.5062 x1305
www.headsprout.com
On Jun 23, 2006, at 1:54 PM, Robert Denton wrote:
> Hi Henrik, thanks for the quick response! Funny you should suggest
> PAM. The trouble is that I thought this was the way to go as well
> in the beginning, but I ended up with a bunch of warnings and
> errors in the make. I did this for the config script:
>
> ./configure --enable-basic-auth-helpers=PAM
>
> And that seemed to do okay. But when I issued the 'make' I got a
> lot of stuff like this:
>
> pam_auth.c:74:31: security/pam_appl.h: No such file or directory
> pam_auth.c:100: warning: `struct pam_response' declared inside
> parameter list
> pam_auth.c:100: warning: its scope is only this definition or
> declaration, which is probably not what you want
> pam_auth.c:100: warning: `struct pam_message' declared inside
> parameter list
> pam_auth.c: In function `password_conversation':
> pam_auth.c:102: error: dereferencing pointer to incomplete type
> pam_auth.c:102: error: `PAM_PROMPT_ECHO_OFF' undeclared (first use
> in this function)
> pam_auth.c:102: error: (Each undeclared identifier is reported only
> once
> pam_auth.c:102: error: for each function it appears in.)
> pam_auth.c:103: error: dereferencing pointer to incomplete type
> pam_auth.c:103: error: dereferencing pointer to incomplete type
> pam_auth.c:104: error: `PAM_CONV_ERR' undeclared (first use in this
> function)
> pam_auth.c:116: error: invalid application of `sizeof' to an
> incomplete type
> pam_auth.c:121: error: invalid use of undefined type `struct
> pam_response'
> pam_auth.c:121: error: dereferencing pointer to incomplete type
> pam_auth.c:122: error: invalid use of undefined type `struct
> pam_response'
> pam_auth.c:122: error: dereferencing pointer to incomplete type
> pam_auth.c:124: error: invalid use of undefined type `struct
> pam_response'
> pam_auth.c:124: error: dereferencing pointer to incomplete type
> pam_auth.c:124: error: `PAM_SUCCESS' undeclared (first use in this
> function)
> pam_auth.c: At top level:
> pam_auth.c:127: error: variable `conv' has initializer but
> incomplete type
> pam_auth.c:129: warning: excess elements in struct initializer
> pam_auth.c:129: warning: (near initialization for `conv')
> pam_auth.c:131: warning: excess elements in struct initializer
> pam_auth.c:131: warning: (near initialization for `conv')
> pam_auth.c: In function `main':
> pam_auth.c:148: error: `pam_handle_t' undeclared (first use in this
> function)
> pam_auth.c:148: error: `pamh' undeclared (first use in this function)
> pam_auth.c:149: error: `PAM_SUCCESS' undeclared (first use in this
> function)
> pam_auth.c:207: error: invalid use of undefined type `struct pam_conv'
> pam_auth.c:211: warning: implicit declaration of function `pam_start'
> pam_auth.c:219: warning: implicit declaration of function `pam_end'
> pam_auth.c:237: warning: implicit declaration of function
> `pam_set_item'
> pam_auth.c:237: error: `PAM_USER' undeclared (first use in this
> function)
> pam_auth.c:239: error: `PAM_CONV' undeclared (first use in this
> function)
> pam_auth.c:242: warning: implicit declaration of function
> `pam_authenticate'
> pam_auth.c:244: warning: implicit declaration of function
> `pam_acct_mgmt'
> pam_auth.c: At top level:
> pam_auth.c:127: error: storage size of `conv' isn't known
> make[3]: *** [pam_auth.o] Error 1
> make[3]: Leaving directory `/root/squid/helpers/basic_auth/PAM'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/root/squid/helpers/basic_auth'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/squid/helpers'
> make: *** [all-recursive] Error 1
>
> I spent half a day googling around for solutions to this before I
> moved on to the idea of using getpwnam. However, I would much
> rather use PAM if I can get it working. Any suggestions on the
> above? Thanks!
>
> Robert
>
> On Jun 22, 2006, at 6:51 PM, Henrik Nordstrom wrote:
>
>> tor 2006-06-22 klockan 17:39 -0400 skrev Robert Denton:
>>
>>> but what is the syntax if I want to use getpwnam? Something like
>>> this:
>>>
>>> auth_param basic program getpwnam /etc/passwd ???
>>
>> You should probably be using the PAM helper.. the getpwnam only
>> supports
>> non-shadow systems using crypt hasing (not MD5).
>>
>> getpwnam:
>>
>> auth_param basic program /path/to/squid/libexec/getpwnam_auth
>>
>> no additional configuration, but only works in the exact conditions
>> abowe, which is a diminishing small population of hosts today..
>>
>> PAM:
>>
>> auth_param basic program /path/to/squid/libexec/pam_uath
>>
>> and suitable squid service definition on your systems PAM config. See
>> the pam_auth documentation (man page shipped with Squid).
>>
>> Regards
>> Henrik
>
>
Received on Fri Jun 23 2006 - 12:19:51 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:02 MDT