1basic_pam_auth(8)           System Manager's Manual          basic_pam_auth(8)
2
3
4

NAME

6       basic_pam_auth - PAM Basic authentication helper for Squid
7

SYNOPSIS

9       basic_pam_auth [-n service name  TTL ] [-o] [-1]
10

DESCRIPTION

12       basic_pam_auth  allows  Squid  to connect to a mostly any available PAM
13       database to validate the user name and password of Basic HTTP authenti‐
14       cation.
15

OPTIONS

17       -s  service-name
18                   Specifies  the  PAM  service  name  Squid uses, defaults to
19                   squid
20
21       -t  TTL     Enables persistent PAM connections where the connection  to
22                   the  PAM  database  is kept open and reused for new logins.
23                   The TTL specifies how long the connection will be kept open
24                   (in seconds).  Default is to not keep PAM connections open.
25                   Please note that the use of persistent PAM  connections  is
26                   slightly  outside  the  PAM  specification and may not work
27                   with all PAM configurations.
28
29       -o          Do not perform the PAM account  management  group  (account
30                   expiration etc)
31

CONFIGURATION

33       The  program  needs  a PAM service to be configured in /etc/pam.conf or
34       /etc/pam.d/squid
35
36       The default service name is squid , and the program makes  use  of  the
37       auth  and  account  management  groups  to  verify the password and the
38       accounts validity.
39
40       For details on how to configure PAM services, see the PAM documentation
41       for your system. This manual does not cover PAM configuration details.
42

NOTES

44       When  used  for  authenticating to local UNIX shadow password databases
45       the program must be running as root or else it  won't  have  sufficient
46       permissions to access the user password database. Such use of this pro‐
47       gram is not recommended, but if you absolutely need to  then  make  the
48       program setuid root
49
50              chown root basic_pam_auth
51              chmod u+s basic_pam_auth
52
53       Please note that in such configurations it is also strongly recommended
54       that the program is moved into a directory where  normal  users  cannot
55       access  it,  as  this  mode  of  operation will allow any local user to
56       brute-force other users passwords. Also note the program has  not  been
57       fully  audited  and the author cannot be held responsible for any secu‐
58       rity issues due to such installations.
59

AUTHOR

61       This  program  and  documentation  was  written  by  Henrik   Nordstrom
62       <hno@squid-cache.org>
63
65       Squid basic_pam_auth and this manual is Copyright 1999,2002,2003 Henrik
66       Nordstrom <hno@squid-cache.org> Distributed under the GNU General  Pub‐
67       lic License (GNU GPL) version 2 or later (GPLv2+).
68

QUESTIONS

70       Questions  on  the usage of this program can be sent to the Squid Users
71       mailing list <squid-users@squid-cache.org>
72

REPORTING BUGS

74       Bug reports  need  to  be  made  in  English.   See  http://wiki.squid-
75       cache.org/SquidFaq/BugReporting for details of what you need to include
76       with your bug report.
77
78       Report bugs or bug fixes using http://bugs.squid-cache.org/
79
80       Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>
81
82       Report ideas for new improvements to the Squid Developers mailing  list
83       <squid-dev@squid-cache.org>
84

SEE ALSO

86       squid(8), pam(3), pam.conf(5), chown(1), chmod(1), GPL(7),
87       PAM Systems Administrator Guide
88       The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
89       The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
90
91
92
93
94                                  5 Sep 2003                 basic_pam_auth(8)
Impressum