Search squid archive

[squid-users] Pam authentication /etc/shadow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

I am new to squid and I am having a little trouble
authenticating users against /etc/shadow. I am using
FC3, squid-2.5.STABLE6-3 and pam-0.77-66.2. I am
trying to use pam_auth (squid's tool) to authenticate
users against /etc/shadow, but It doesn't work. Here
is a little about my configuration files. (And I have
already setuid pam_auth)

from /etc/squid/squid.conf

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl password proxy_auth REQUIRED

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow password
http_access allow localhost
http_access deny all

---------------------

from /etc/pam.d/squid

auth required /lib/security/pam_unix.so shadow nullok
account required /lib/security/pam_unix.so
-------------------------------------
from /var/log/messages

Jan 31 17:01:43 gaara kernel: audit(1107190903.207:0):
avc:  denied  { search } for  pid=5217
exe=/usr/lib/squid/pam_auth name=selinux dev=hdc6
ino=849817 scontext=root:system_r:squid_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 31 17:01:43 gaara kernel: audit(1107190903.210:0):
avc:  denied  { read } for  pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara last message repeated 5 times
Jan 31 17:01:43 gaara kernel: audit(1107190903.211:0):
avc:  denied  { read } for  pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.211:0):
avc:  denied  { read } for  pid=5217
exe=/usr/lib/squid/pam_auth name=shadow dev=hdc6
ino=798774 scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.216:0):
avc:  denied  { search } for  pid=5249
exe=/sbin/unix_chkpwd name=selinux dev=hdc6 ino=849817
scontext=root:system_r:squid_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Jan 31 17:01:43 gaara kernel: audit(1107190903.270:0):
avc:  denied  { read } for  pid=5249
exe=/sbin/unix_chkpwd name=shadow dev=hdc6 ino=798774
scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara kernel: audit(1107190903.270:0):
avc:  denied  { read } for  pid=5249
exe=/sbin/unix_chkpwd name=shadow dev=hdc6 ino=798774
scontext=root:system_r:squid_t
tcontext=system_u:object_r:shadow_t tclass=file
Jan 31 17:01:43 gaara unix_chkpwd[5249]: check pass;
user unknown
Jan 31 17:01:43 gaara squid(pam_unix)[5217]:
authentication failure; logname= uid=23 euid=0 tty=
ruser= rhost=  user=carlos

Does squid is running under its own UID? or it's using
root's UID?


Thanks!

Carlos

_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux