Hi Henrik, thanks for the quick response! Funny you should suggest
PAM. The trouble is that I thought this was the way to go as well in
the beginning, but I ended up with a bunch of warnings and errors in
the make. I did this for the config script:
./configure --enable-basic-auth-helpers=PAM
And that seemed to do okay. But when I issued the 'make' I got a lot
of stuff like this:
pam_auth.c:74:31: security/pam_appl.h: No such file or directory
pam_auth.c:100: warning: `struct pam_response' declared inside
parameter list
pam_auth.c:100: warning: its scope is only this definition or
declaration, which is probably not what you want
pam_auth.c:100: warning: `struct pam_message' declared inside
parameter list
pam_auth.c: In function `password_conversation':
pam_auth.c:102: error: dereferencing pointer to incomplete type
pam_auth.c:102: error: `PAM_PROMPT_ECHO_OFF' undeclared (first use in
this function)
pam_auth.c:102: error: (Each undeclared identifier is reported only once
pam_auth.c:102: error: for each function it appears in.)
pam_auth.c:103: error: dereferencing pointer to incomplete type
pam_auth.c:103: error: dereferencing pointer to incomplete type
pam_auth.c:104: error: `PAM_CONV_ERR' undeclared (first use in this
function)
pam_auth.c:116: error: invalid application of `sizeof' to an
incomplete type
pam_auth.c:121: error: invalid use of undefined type `struct
pam_response'
pam_auth.c:121: error: dereferencing pointer to incomplete type
pam_auth.c:122: error: invalid use of undefined type `struct
pam_response'
pam_auth.c:122: error: dereferencing pointer to incomplete type
pam_auth.c:124: error: invalid use of undefined type `struct
pam_response'
pam_auth.c:124: error: dereferencing pointer to incomplete type
pam_auth.c:124: error: `PAM_SUCCESS' undeclared (first use in this
function)
pam_auth.c: At top level:
pam_auth.c:127: error: variable `conv' has initializer but incomplete
type
pam_auth.c:129: warning: excess elements in struct initializer
pam_auth.c:129: warning: (near initialization for `conv')
pam_auth.c:131: warning: excess elements in struct initializer
pam_auth.c:131: warning: (near initialization for `conv')
pam_auth.c: In function `main':
pam_auth.c:148: error: `pam_handle_t' undeclared (first use in this
function)
pam_auth.c:148: error: `pamh' undeclared (first use in this function)
pam_auth.c:149: error: `PAM_SUCCESS' undeclared (first use in this
function)
pam_auth.c:207: error: invalid use of undefined type `struct pam_conv'
pam_auth.c:211: warning: implicit declaration of function `pam_start'
pam_auth.c:219: warning: implicit declaration of function `pam_end'
pam_auth.c:237: warning: implicit declaration of function `pam_set_item'
pam_auth.c:237: error: `PAM_USER' undeclared (first use in this
function)
pam_auth.c:239: error: `PAM_CONV' undeclared (first use in this
function)
pam_auth.c:242: warning: implicit declaration of function
`pam_authenticate'
pam_auth.c:244: warning: implicit declaration of function
`pam_acct_mgmt'
pam_auth.c: At top level:
pam_auth.c:127: error: storage size of `conv' isn't known
make[3]: *** [pam_auth.o] Error 1
make[3]: Leaving directory `/root/squid/helpers/basic_auth/PAM'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/squid/helpers/basic_auth'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/squid/helpers'
make: *** [all-recursive] Error 1
I spent half a day googling around for solutions to this before I
moved on to the idea of using getpwnam. However, I would much rather
use PAM if I can get it working. Any suggestions on the above? Thanks!
Robert
On Jun 22, 2006, at 6:51 PM, Henrik Nordstrom wrote:
tor 2006-06-22 klockan 17:39 -0400 skrev Robert Denton:
but what is the syntax if I want to use getpwnam? Something like
this:
auth_param basic program getpwnam /etc/passwd ???
You should probably be using the PAM helper.. the getpwnam only
supports
non-shadow systems using crypt hasing (not MD5).
getpwnam:
auth_param basic program /path/to/squid/libexec/getpwnam_auth
no additional configuration, but only works in the exact conditions
abowe, which is a diminishing small population of hosts today..
PAM:
auth_param basic program /path/to/squid/libexec/pam_uath
and suitable squid service definition on your systems PAM config. See
the pam_auth documentation (man page shipped with Squid).
Regards
Henrik