Mailinglist Archive: opensuse-security (274 mails)
| < Previous | Next > |
Squid 2.5.STABLE1 with User Authentication
- From: "Junge, Stefan" <Stefan.Junge@xxxxxxxxxxxxxxx>
- Date: Fri, 22 Aug 2003 07:35:52 +0200
- Message-id: <C046B8B0A5BCD411B92500508BB07EFB0394EBC2@xxxxxxxxxxxxxxx>
Hello,
I have installed SuSE 8.2 with 2.5.STABLE1.
I would like to authenticate my users with PAM.
The configuration since squid 2.4 has hanged.
I followed the notes in /etc/squid.conf and I tried to use the "auth_param"
directive
# TAG: auth_param
# This is used to pass parameters to the various authentication
# schemes.
# format: auth_param scheme parameter [setting]
#
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
# would tell the basic authentication scheme it's program parameter.
#
# The order that authentication prompts are presented to the
client_agent
# is dependant on the order the scheme first appears in config file.
# IE has a bug (it's not rfc 2617 compliant) in that it will use the
basic
# scheme if basic is the first entry presented, even if more secure
schemes
# are presented. For now use the order in the file below. If other
browsers
# have difficulties (don't recognise the schemes offered even if you
are using
# basic) then either put basic first, or disable the other schemes (by
commenting
# out their program entry).
#
# Once an authentication scheme is fully configured, it can only be
shutdown
# by shutting squid down and restarting. Changes can be made on the
fly and
# activated with a reconfigure. I.E. You can change to a different
helper,
# but not unconfigure the helper completely.
#
# === Parameters for the basic scheme follow. ===
#
# "program" cmdline
# Specify the command for the external authenticator. Such a
# program reads a line containing "username password" and replies
# "OK" or "ERR" in an endless loop. If you use an authenticator,
# make sure you have 1 acl of type proxy_auth. By default, the
# basic authentication sheme is not used unless a program is
specified.
#
# If you want to use the traditional proxy authentication,
# jump over to the ../auth_modules/NCSA directory and
# type:
# % make
# % make install
#
# Then, set this line to something like
#
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
I have used the following entries:
auth_param basic program /usr/sbin/pam_auth and appropriate acl`s.
(Because pam_auth worked properly with squid 2.4 and I could not find the
directory auth_modules)
This does not work !
I have searched for the "auth_modules" directory .... but where is it ?
I can not find the directory to do the "traditional proxy authentication..."
What about the files /etc/pam.d/squid and /usr/sbin/pam_auth ? Are they no
longer used ?
I have used this with squid 2.4.
What to do now ?
CU
Stefan
I have installed SuSE 8.2 with 2.5.STABLE1.
I would like to authenticate my users with PAM.
The configuration since squid 2.4 has hanged.
I followed the notes in /etc/squid.conf and I tried to use the "auth_param"
directive
# TAG: auth_param
# This is used to pass parameters to the various authentication
# schemes.
# format: auth_param scheme parameter [setting]
#
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
# would tell the basic authentication scheme it's program parameter.
#
# The order that authentication prompts are presented to the
client_agent
# is dependant on the order the scheme first appears in config file.
# IE has a bug (it's not rfc 2617 compliant) in that it will use the
basic
# scheme if basic is the first entry presented, even if more secure
schemes
# are presented. For now use the order in the file below. If other
browsers
# have difficulties (don't recognise the schemes offered even if you
are using
# basic) then either put basic first, or disable the other schemes (by
commenting
# out their program entry).
#
# Once an authentication scheme is fully configured, it can only be
shutdown
# by shutting squid down and restarting. Changes can be made on the
fly and
# activated with a reconfigure. I.E. You can change to a different
helper,
# but not unconfigure the helper completely.
#
# === Parameters for the basic scheme follow. ===
#
# "program" cmdline
# Specify the command for the external authenticator. Such a
# program reads a line containing "username password" and replies
# "OK" or "ERR" in an endless loop. If you use an authenticator,
# make sure you have 1 acl of type proxy_auth. By default, the
# basic authentication sheme is not used unless a program is
specified.
#
# If you want to use the traditional proxy authentication,
# jump over to the ../auth_modules/NCSA directory and
# type:
# % make
# % make install
#
# Then, set this line to something like
#
# auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
I have used the following entries:
auth_param basic program /usr/sbin/pam_auth and appropriate acl`s.
(Because pam_auth worked properly with squid 2.4 and I could not find the
directory auth_modules)
This does not work !
I have searched for the "auth_modules" directory .... but where is it ?
I can not find the directory to do the "traditional proxy authentication..."
What about the files /etc/pam.d/squid and /usr/sbin/pam_auth ? Are they no
longer used ?
I have used this with squid 2.4.
What to do now ?
CU
Stefan
| < Previous | Next > |