On Tue, 19 Dec 2000, DBP Network Administrator wrote:
<snip>
> I'm using Squid 2.3 STABLE4. I've just made
> ncsa_auth worked for me but I don't want to
> create separate password file for Squid authentication
> but rather use my existing user accounts/passwords in RH6.2.
> I don't have RADIUS server and I also would not want
> to authenticate via MSNT or SMB.
>
<snip>
since you've already configured ncsa_auth, it wouldn't be hard to
configure it to use the local users for authentication. no need to tweak
pam.
I had configured this for one of our clients on an RH 6.1 box
in your squid.conf, the authenticate_program option should look like this.
authenticate_program /usr/local/squid/bin/ncsa_auth /etc/shadow
where /usr/local/squid/bin/ncsa_auth is the location of your ncsa_auth
program.
lastly, make sure that ncsa_auth is SETUID ROOT otherwise, it won't be
able to read /etc/shadow hence, reject all requests. You could do it with
these commands (as root)
chown root.root /usr/local/squid/bin/ncsa_auth
chmod u+s /usr/local/squid/bin/ncsa_auth
this assumes that ncsa_auth is at /usr/local/squid/bin/ncsa_auth . You
have to change this if appropriate.
OTOH, if you're not using shadow passwords (which is a MAJOR security
hole), replace /etc/shadow with /etc/passwd .
hope this helps.
regards,
-Mark
*************************************************************************
Mark Anthony J. Mercado [EMAIL PROTECTED]
Laguna Internet, Incorporated
Rm 404 Vega Centre, Lopez Avenue, Los Banos, Laguna, Philippines 4030
Ph. 63 49 536.0085 Fax. 63 49 536.0067
*************************************************************************
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
