pam_auth

pam_auth(8)                                                        pam_auth(8)



NAME
       pam_auth - Squid PAM authentication helper

SYNOPSIS
       squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]

DESCRIPTION
       This  helper  allows  Squid  to  connect  to a mostly any available PAM
       database to validate the user name and password of Basic HTTP authenti-
       cation.

       -s service-name
              Specifies the PAM service name Squid uses, defaults to "squid"

       -t TTL Unless  the  -1  option is used, this specified for how long the
              connection to the PAM database should be kept  open  and  reused
              for new logins. Defaults to 60 seconds.

       -o     Do not perform the PAM account management group (account expira-
              tion etc)


       -1     Specifies "One shot" mode, where a new PAM  connection  will  be
              opened  for  each new user. This is how PAM is normally used and
              may be required by some backend databases.  The  default  is  to
              reuse the PAM connection to maximize performance. (see -t above)

CONFIGURATION
       The program needs a PAM service to be configured  in  /etc/pam.conf  or
       /etc/pam.d/<servicename>

       The  default  service name is "squid", and the program makes use of the
       'auth' and 'account' management groups to verify the password  and  the
       accounts validity.

       For details on how to configure PAM services, see the PAM documentation
       for your system. This manual does not cover PAM configuration  details.

NOTES
       When  used  for  authenticating to local UNIX shadow password databases
       the program must be running as root or else it  won't  have  sufficient
       permissions to access the user password database. Such use of this pro-
       gram is not recommended, but if you absolutely need to  then  make  the
       program setuid root

              chown root pam_auth
              chmod u+s pam_auth

       Please note that in such configurations it is also strongly recommended
       that the program is moved into a directory where  normal  users  cannot
       access  it,  as  this  mode  of  operation will allow any local user to
       brute-force other users passwords. Also note the program has  not  been
       fully  audited  and the author cannot be held responsible for any secu-
       rity issues due to such installations.

AUTHOR
       Squid  pam_auth  and  this  manual  is  written  by  Henrik   Nordstrom
       <hno@squid-cache.org>

COPYRIGHT
       Squid  pam_auth and this manual is Copyright 1999,2002 Henrik Nordstrom
       <hno@squid-cache.org>

QUESTIONS
       Questions on the usage of this program can be sent to the  Squid  Users
       <squid-users@squid-cache.org> mailing list.

REPORTING BUGS
       Report  bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org> or
       ideas  for  new  improvements  to  Squid  Developers  <squid-dev@squid-
       cache.org>

SEE ALSO
       pam(8), PAM Systems Administrator Guide



Squid PAM Auth                    15 May 2002                      pam_auth(8)