DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

pam_auth(8)



pam_auth(8)           MAINTENANCE COMMANDS            pam_auth(8)

NAME

     pam_auth - Squid PAM authentication helper

SYNOPSIS

     squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]

DESCRIPTION

     This helper allows Squid to connect to a mostly  any  avail-
     able  PAM database to validate the user name and password of
     Basic HTTP authentication.

     -s service-name
          Specifies the PAM service name Squid uses, defaults  to
          "squid"

     -t TTL
          Enables persistent PAM connections where the connection
          to  the  PAM  database  is kept open and reused for new
          logins. The TTL specifies how long the  connetion  will
          be  kept open (in seconds).  Default is to not keep PAM
          connections open. Please note  that  the  use  of  per-
          sistent  PAM  connections  is  slightly outside the PAM
          specification and may not work with all PAM  configura-
          tions.

     -o   Do  not  perform  the  PAM  account  management   group
          (account expiration etc)

CONFIGURATION

     The  program  needs  a  PAM  service  to  be  configured  in
     /etc/pam.conf  or  /etc/pam.d/<servicename> The default ser-
     vice name is "squid", and the program  makes  use  of  the
     management  groups  to  verify the password and the accounts
     validity.  For details on how to configure PAM services, see
     the  PAM documentation for your system. This manual does not
     cover PAM configuration details. The  existing  PAM  service
     definitions  for other applications on your system is also a
     good source for examples on how to configure a PAM service.

NOTES

     When used for authenticating to local UNIX  shadow  password
     databases  the  program  must  be running as root or else it
     won't have sufficient permissions to access the  user  pass-
     word  database. Such use of this program is not recommended,
     but if you absolutely need to then make the  program  setuid
     root
          chown root pam_auth
          chmod u+s pam_auth
     Please note that in such configurations it is also  strongly
     recommended that the program is moved into a directory where
     normal users cannot access it, as  this  mode  of  operation

Squid PAM Auth       Last change: 5 Sep 2003                    1

pam_auth(8)           MAINTENANCE COMMANDS            pam_auth(8)

     will  allow  any local user to brute-force other users pass-
     words. Also note the program has not been fully audited  and
     the  author  cannot  be  held  responsible  for any security
     issues due to such installations.

AUTHOR

     Squid  pam_auth  and  this  manual  is  written  by   Henrik
     Nordstrom <hno@squid-cache.org>

COPYRIGHT

     Squid pam_auth and this manual is  Copyright  1999,2002,2003
     Henrik Nordstrom <hno@squid-cache.org>

QUESTIONS

     Questions on the usage of this program can be  sent  to  the
     Squid Users <squid-users@squid-cache.org> mailing list.

REPORTING BUGS

     Report bugs or bug-fixes to  Squid  Bugs  <squid-bugs@squid-
     cache.org> or ideas for new improvements to Squid Developers
     <squid-dev@squid-cache.org>

SEE ALSO

     pam(8), PAM Systems Administrator Guide

Squid PAM Auth       Last change: 5 Sep 2003                    2
Man(1) output converted with man2html