[squid-users] Re: PAM-Help!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 Sep 2002 14:30:58 +0200

Authentication helpers to Squid is not more than a small program that
reads username and passwords pairs on stdin and returns OK/ERR on
stdout to Squid. How the helper figures out if the username+password
is valid or not is not Squids concern.

What this means is that if you can figure out any way to verify a
username+password, then this can quite easily be plugged into Squid.

Writing your own DBMS based authentication database for PAM involces
writing a PAM module for talking to this DBMS, and quite likely also
writing a NSS module for user database queries (userid, fullname,
home directory, group memberships etc..). A somewhat more complex
operation than to write a simple authentication helper to Squid or
patch your POP3 service to use this DBMS service, but once done will
allow the same PAM module to be seemlessly used for all services on
your server.

For security reasons it is advisable that any PAM login module
requires root for accessing the password database for other users
than the currently logged in user (effective user id).

Regards
Henrik

On Sunday 01 September 2002 13.08, S.Gopinath wrote:
> Dear Sir,
> Thanks for your reply. Yes. I require to use Linux Shadow password
> database as my users also need to use POP3 etc. I'try to lean
> Authenticator helper and I try to understand and use it. If there
> are any materials you may also point it to me. I'm extremly happy
> to note the support I'm getting. I also wish to write my own DBMS
> based Authentication database whith PAM support. Thanks,
> S.Gopinath
Received on Sun Sep 01 2002 - 07:14:59 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:00 MST