Re: [squid-users] PAM again

From: <christian.schoeniger@dont-contact.us>
Date: Wed, 15 May 2002 13:12:32 +0200

i also use PAM to autheticate against a NT domain. my pam config is:

pxy2 /etc/pam.d# more squid
#%PAM-1.0
auth required /lib/security/pam_smb_auth_1.1.6.so nolocal
account required /lib/security/pam_permit.so

pam_permit.so returns always success, so no local account is needed.
should work simular for other pam modules.

"Squid Support (Henrik Nordstrom)" schrieb:
>
> Depends on what you refer to by "system users".
>
> The system needs to know about these users, but they do not need to
> be allowed to use any other service than Squid.
>
> PAM is a system for plugging in different password verification
> mechanisms into the system logon process.
>
> If you don't want the system to know about these users at all, then
> don't use PAM and instead use a direct Squid integration with the
> password database in question.
>
> Note: There exists a RADIUS helper to Squid. See "Related software".
>
> Regargs
> Henrik
>
> On Wednesday 15 May 2002 09:10, Aleksey Trubin wrote:
> > This question is mostly for Henrik...
> > Is it possible to use pam_auth module without making the system
> > users? I.e. squid can't make authorization with pam_auth if squid
> > user (ident) isn'n the system user. But can be a RADIUS problem (I
> > use pam_radius.so in pam.conf).
> > FreeBSD4.5STABLE
> > Squid2.4_9
> > XTRadius
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Your source of advanced web reverse proxying solutions
> http://www.marasystems.com/products/
Received on Wed May 15 2002 - 05:12:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:07 MST