1pam_auth(8)                 System Manager's Manual                pam_auth(8)
2
3
4

NAME

6       pam_auth - Squid PAM authentication helper
7

SYNOPSIS

9       squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]
10

DESCRIPTION

12       This helper allows Squid to connect to a mostly any available PAM data‐
13       base to validate the user name and password of Basic  HTTP  authentica‐
14       tion.
15
16       -s service-name
17              Specifies the PAM service name Squid uses, defaults to "squid"
18
19       -t TTL Enables  persistent  PAM connections where the connection to the
20              PAM database is kept open and reused for  new  logins.  The  TTL
21              specifies how long the connetion will be kept open (in seconds).
22              Default is to not keep PAM connections open.  Please  note  that
23              the  use  of  persistent PAM connections is slightly outside the
24              PAM specification and may not work with all PAM configurations.
25
26       -o     Do not perform the PAM account management group (account expira‐
27              tion etc)
28
29

CONFIGURATION

31       The  program  needs  a PAM service to be configured in /etc/pam.conf or
32       /etc/pam.d/<servicename>
33
34       The default service name is "squid", and the program makes use  of  the
35       'auth'  and  'account' management groups to verify the password and the
36       accounts validity.
37
38       For details on how to configure PAM services, see the PAM documentation
39       for  your system. This manual does not cover PAM configuration details.
40       The existing PAM service definitions for  other  applications  on  your
41       system  is  also  a  good source for examples on how to configure a PAM
42       service.
43

NOTES

45       When used for authenticating to local UNIX  shadow  password  databases
46       the  program  must  be running as root or else it won't have sufficient
47       permissions to access the user password database. Such use of this pro‐
48       gram  is  not  recommended, but if you absolutely need to then make the
49       program setuid root
50
51              chown root pam_auth
52              chmod u+s pam_auth
53
54       Please note that in such configurations it is also strongly recommended
55       that  the  program  is moved into a directory where normal users cannot
56       access it, as this mode of operation  will  allow  any  local  user  to
57       brute-force  other  users passwords. Also note the program has not been
58       fully audited and the author cannot be held responsible for  any  secu‐
59       rity issues due to such installations.
60

AUTHOR

62       Squid   pam_auth  and  this  manual  is  written  by  Henrik  Nordstrom
63       <hno@squid-cache.org>
64

COPYRIGHT

66       Squid pam_auth and this manual is Copyright 1999,2002,2003 Henrik Nord‐
67       strom <hno@squid-cache.org>
68

QUESTIONS

70       Questions  on  the usage of this program can be sent to the Squid Users
71       <squid-users@squid-cache.org> mailing list.
72

REPORTING BUGS

74       Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org>  or
75       ideas  for  new  improvements  to  Squid  Developers  <squid-dev@squid-
76       cache.org>
77

SEE ALSO

79       pam(8), PAM Systems Administrator Guide
80
81
82
83Squid PAM Auth                    5 Sep 2003                       pam_auth(8)