Main Menu
Home
Search
Support
How To's
OpenWiki
Contact Us
Users Blogs
User HowTo's
Announcements
Google Translation

 

 

 

 
squid with pam authentication PDF Print E-mail
User Rating: / 0
PoorBest 
Written by Paul Matthews   

Name: Squid
HomePage: http://www.squid-cache.org/
Function: proxy caching server for web clients

Name: PAM
HomePage: http://www.kernel.org/pub/linux/libs/pam/
Function: Linux-PAM (Pluggable Authentication Modules for Linux)

 

Now I'm going to use PAM to authenticate squid.

1. To get squid working with pam authentication firstly we need to edit the squid.conf file and add the following lines in the right area's

 

nano /etc/squid/squid.conf

 

squid.conf:
(in the basic auth area)
auth_param basic program /usr/lib/squid/pam_auth

 

squid with pam authentication

nano /etc/squid/squid.conf

 

squid.conf:
(in the acl's area)
acl pam proxy_auth REQUIRED

 

squid with pam authentication

nano /etc/squid/squid.conf

 

squid.conf:
(in the http_access area)
http_access allow pam

 

squid with pam authentication

2.  Now change the permissions on the pam_auth file

 

chmod u+s /usr/lib/squid/pam_auth

 

squid with pam authentication

3. Next remove all other http_access commands

4. Restart the squid server

/etc/init.d/squid restart

 

squid with pam authentication

5. At this point you can edit the squid pam module

 

nano /etc/pam.d/squid

 

squid:
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session optional      /lib/security/$ISA/pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

 

squid with pam authentication

6. PAM (pluggable authenticate module) can authenticate against almost anything, unix, LDAP, winbind. it has many, many uses so look into PAM if you think it might be useful for you.
 

BookMarking:

 

cell1
cell3 Submit to del.icio.us
cell4
 AddThis Social Bookmark Button

Trouble Shooting:



Go to the wiki page

Go to the 'Contact Us ' Forum

Go to the how-to's Support Forum

External Links:

 

http://lotso.livejournal.com/1863.htm
Last Updated ( Sunday, 03 June 2007 )
 
Next >
[ Back ]