Search squid archive

pam_auth errors from squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I seem to have a plethora of pam_auth errors originating from the
account that my squid3 (3.0.RC1) server is using.  For example:

04:17:18 (pam_auth) (pam_unix) authentication failure; logname= uid=13 euid=13 tty= ruser= rhost=  user=brian
04:23:35 (pam_auth) (pam_unix) authentication failure; logname= uid=13 euid=13 tty= ruser= rhost=  user=brian
04:47:18 (pam_auth) (pam_unix) authentication failure; logname= uid=13 euid=13 tty= ruser= rhost=  user=brian

I'm assuming that these are somehow related to the authentication that I
have configured my squid3 to require.  I have my auth_param settings as
follows:

auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 1
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Which should, via pam, authenticate the user against my Kerberos
database.

Interestingly enough, a read through the squid_pam_auth manpage suggests
that without a "-s"[1] argument squid3 will use the "squid" service
name, however I don't have a "squid" service defined in my pam
configuration:

# ls /etc/pam.d/
chfn  common-account  common-password  cron  lmtp   other   quagga  sieve  su
chsh  common-auth     common-session   imap  login  passwd  samba   ssh    sudo

So I'm not even sure how that authentication is working (but it is) at
all.

But back to the pam_auth errors... why would those errors be happening?
I only ever get asked for my proxy password at the start of a browser
session and never again until I close the browser and start again.  I
suspect that every 2 hours (as per my config above) the proxy and
browser have to handshake the auth again, but that password shouldn't be
any more wrong than it was the first time, right?

Any ideas?
b.

[1] there is a conflict in the manpage:

       squid_pam_auth [-n "service name"] [-t TTL] [-o] [-1]
...
       -s service-name
              Specifies the PAM service name Squid uses, defaults to "squid"

There is also a speeling error in the manpage:

              specifies how long the connetion will be kept open (in seconds).
                                          ^


-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell

Attachment: signature.asc
Description: This is a digitally signed message part

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux