What a perfect way to end the work week!
The issue is resolved. The missing piece was to toggle the s bit on
pam_auth.
chmod ug+s pam_auth
So thanks to everyone for contributing to my little problem, and I
hope these emails will help others in their quest to pam authenticate
their users!
Robert Denton
Network Administrator
Headsprout
800.401.5062 x1305
www.headsprout.com
On Jun 23, 2006, at 4:52 PM, Robert Denton wrote:
No such luck. Here is what I have so far...
After installing pam-devel I was able to configure and make squid
to use PAM. I also yum updated everything to make sure I wasn't
missing anything, and that nothing I had was outdated.
I set the auth_param program to use the pam_auth.
I chown'd it to root, as suggested in the man page for pam_auth
I created the squid config file in pam.d
I restarted the squid service
authconfig shows USESHADOW=yes
As far as I can tell I have everything installed and configured
correctly, yet I cannot authenticate to squid from a browser set to
use this machine as a proxy. And I can clearly see the denials in
messages as well as in the squid logs, such as...
Jun 23 16:47:38 stormcrow squid(pam_unix)[2680]: authentication
failure; logname= uid=23 euid=23 tty= ruser= rhost= user=joe
So it sees the user, but it is not taking the password for some
reason. Can anyone point me in the right direction on this?
Robert Denton
Network Administrator
Headsprout
800.401.5062 x1305
www.headsprout.com
On Jun 23, 2006, at 3:58 PM, Robert Denton wrote:
Terrific, I am making progress on this. The absense of the
pam.conf file in /etc is irrelevant since, according to the man
page for pam, the mere existence of the pam.d dir will cause pam
to completely ignore pam.conf. I have such a dir. However inside
there is NO squid file. My plan is to make one by doing this:
cp samba squid
since the samba file looks pretty simple and somewhat
representative of the config files inside pam.d. Whatsmore, there
is nothing inside samba that seems specific to samba, likewise
with similar pam.d config files such as sudo, etc. Also, the
follow example I found on the web is mostly the same but doesn't
exactly match my system:
auth required /lib/security/pam_stack.so service=system-
auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so
service=system-auth
password required /lib/security/pam_stack.so
service=system-auth
session required /lib/security/pam_stack.so
service=system-auth
Does anyone see any problems with this? I will try it and report
back the results.
Robert
On Jun 23, 2006, at 2:19 PM, Robert Denton wrote:
This note may have been a bit premature. I installed pam-devel
and the make output is different, although the /etc/squid/libexec
directory I was expecting to appear is still not there. A
find -name *pam_auth* reveals there is such a file here:
./usr/lib/squid/pam_auth
which I suppose will work, but there is also no pam.conf file
anywhere to be found. I am running red hat 9. Shouldn't there
be a pam.conf file somewhere?
