> During a review on squid, we found the following setuid-binary set to
> run as root
> E: squid setuid-binary /usr/lib64/squid/ncsa_auth root 04750
> E: squid setuid-binary /usr/lib64/squid/pam_auth root 04750
>
> Kicking around Google I find that:
>
> ncsa_auth allows Squid to read and authenticate user and password
> information from an NCSA/Apache httpd-style password file when using
> basic HTTP authentication.
>
> Pam_auth allows Squid to connect to mostly any available PAM database
> to validate the user name and password of Basic HTTP authentication.
>
> The only thing I can think of these being used for is if we needed to
> allow normal users to access squid, or to auth to the cachemgr.cgi - is
> this true? Is it safe to turn this off if I don't want to use either of
> these features? If so, shouldn't this be off by default?

If you are not using basic auth, then yes it is probably safe to turn them off by default.

Amos
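
One way to check the condition discussed in this thread, as an added example that is not part of the original messages or of Squid's own tooling: the script reads the `auth_param basic program` lines of a squid.conf and reports, for each helper path given, whether the file is setuid and whether the configuration uses it. The function names, the output format and the demo files are assumptions made for this illustration.

```shell
#!/bin/sh
# Report which Squid basic-auth helpers are setuid and whether squid.conf uses them.

# helpers_in_use CONF: basename of every active "auth_param basic program" helper.
# Commented-out directives are skipped because their first field is not auth_param.
helpers_in_use() {
    awk '$1 == "auth_param" && $2 == "basic" && $3 == "program" {
             n = split($4, p, "/"); print p[n] }' "$1" | sort -u
}

# audit_helpers CONF HELPER...: print "<name> <setuid|plain|missing> <configured|unused>".
# A "setuid unused" line marks a helper that is a candidate for chmod u-s.
audit_helpers() {
    conf=$1; shift
    used=$(helpers_in_use "$conf")
    for h in "$@"; do
        name=${h##*/}
        if [ ! -e "$h" ]; then state=missing
        elif [ -u "$h" ]; then state=setuid
        else state=plain; fi
        if printf '%s\n' "$used" | grep -qxF "$name"; then ref=configured
        else ref=unused; fi
        printf '%s %s %s\n' "$name" "$state" "$ref"
    done
}

# demo: run the audit on constructed files in a temp dir (not a real Squid install).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '# auth_param basic program /usr/lib64/squid/pam_auth' \
        'auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd' \
        'auth_param basic children 5' > "$d/squid.conf"
    : > "$d/ncsa_auth"; : > "$d/pam_auth"
    chmod 4750 "$d/ncsa_auth" "$d/pam_auth"
    audit_helpers "$d/squid.conf" "$d/ncsa_auth" "$d/pam_auth" "$d/absent_auth"
    rm -rf "$d"
}

# With arguments, audit a real config; without, run the constructed demo.
if [ "$#" -ge 2 ]; then audit_helpers "$@"; else demo; fi
```

Run it with the configuration file followed by the helper paths to audit an installed system; a helper reported as `setuid configured` is in use by basic authentication and should be left alone.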