pam_auth(8)pam_auth(8)NAMEpam_auth - Squid PAM authentication helper
SYNOPSIS
squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]
DESCRIPTION
This helper allows Squid to connect to a mostly any avail-
able PAM database to validate the user name and password
of Basic HTTP authentication.
-s service-name
Specifies the PAM service name Squid uses, defaults
to "squid"
-t TTL Unless the -1 option is used, this specified for
how long the connection to the PAM database should
be kept open and reused for new logins. Defaults to
60 seconds.
-o Do not perform the PAM account management group
(account expiration etc)
-1 Specifies "One shot" mode, where a new PAM connec-
tion will be opened for each new user. This is how
PAM is normally used and may be required by some
backend databases. The default is to reuse the PAM
connection to maximize performance. (see -t above)
CONFIGURATION
The program needs a PAM service to be configured in
/etc/pam.conf or /etc/pam.d/<servicename>
The default service name is "squid", and the program makes
use of the 'auth' and 'account' management groups to ver-
ify the password and the accounts validity.
For details on how to configure PAM services, see the PAM
documentation for your system. This manual does not cover
PAM configuration details.
NOTES
When used for authenticating to local UNIX shadow password
databases the program must be running as root or else it
won't have sufficient permissions to access the user pass-
word database. Such use of this program is not recom-
mended, but if you absolutely need to then make the pro-
gram setuid root
chown root pam_auth
chmod u+s pam_auth
Please note that in such configurations it is also
strongly recommended that the program is moved into a
directory where normal users cannot access it, as this
mode of operation will allow any local user to brute-force
other users passwords. Also note the program has not been
fully audited and the author cannot be held responsible
for any security issues due to such installations.
AUTHOR
Squid pam_auth and this manual is written by Henrik Nord-
strom <hno@squid-cache.org>
COPYRIGHT
Squid pam_auth and this manual is Copyright 1999,2002 Hen-
rik Nordstrom <hno@squid-cache.org>
QUESTIONS
Questions on the usage of this program can be sent to the
Squid Users <squid-users@squid-cache.org> mailing list.
REPORTING BUGS
Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-
cache.org> or ideas for new improvements to Squid Develop-
ers <squid-dev@squid-cache.org>
SEE ALSOpam(8), PAM Systems Administrator Guide
Squid PAM Auth 15 May 2002 pam_auth(8)