manuals

NAME

       pam_auth - Squid PAM authentication helper

SYNOPSIS

       squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]

DESCRIPTION

       This  helper  allows  Squid  to  connect  to a mostly any available PAM
       database  to  validate  the  user  name  and  password  of  Basic  HTTP
       authentication.

       -s service-name
              Specifies the PAM service name Squid uses, defaults to "squid"

       -t TTL Enables  persistent  PAM connections where the connection to the
              PAM database is kept open and reused for  new  logins.  The  TTL
              specifies  how  long  the  connection  will  be  kept  open  (in
              seconds).  Default is to not keep PAM connections  open.  Please
              note  that  the  use  of  persistent PAM connections is slightly
              outside the PAM specification and may  not  work  with  all  PAM
              configurations.

       -o     Do  not  perform  the  PAM  account  management  group  (account
              expiration etc)

CONFIGURATION

       The program needs a PAM service to be configured  in  /etc/pam.conf  or
       /etc/pam.d/<servicename>

       The  default  service name is "squid", and the program makes use of the
       'auth' and 'account' management groups to verify the password  and  the
       accounts validity.

       For details on how to configure PAM services, see the PAM documentation
       for your system. This manual does not cover PAM configuration details.

NOTES

       When used for authenticating to local UNIX  shadow  password  databases
       the  program  must  be running as root or else it won't have sufficient
       permissions to access the user password  database.  Such  use  of  this
       program is not recommended, but if you absolutely need to then make the
       program setuid root

              chown root pam_auth
              chmod u+s pam_auth

       Please note that in such configurations it is also strongly recommended
       that  the  program  is moved into a directory where normal users cannot
       access it, as this mode of operation  will  allow  any  local  user  to
       brute-force  other  users passwords. Also note the program has not been
       fully audited and  the  author  cannot  be  held  responsible  for  any
       security issues due to such installations.

AUTHOR

       Squid   pam_auth  and  this  manual  is  written  by  Henrik  Nordstrom
       <hno@squid-cache.org>

COPYRIGHT

       Squid pam_auth and  this  manual  is  Copyright  1999,2002,2003  Henrik
       Nordstrom <hno@squid-cache.org>

QUESTIONS

       Questions  on  the usage of this program can be sent to the Squid Users
       <squid-users@squid-cache.org> mailing list.

REPORTING BUGS

       Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org>  or
       ideas  for  new  improvements  to  Squid  Developers  <squid-dev@squid-
       cache.org>

SEE ALSO

       pam(8), PAM Systems Administrator Guide