Henrik Nordstrom wrote:
> On Thu 2006-04-27 at 23:12 -0300, Giancarlo Razzolini wrote:
>
>> I took a quick look at the configure tests that Squid makes, and didn't
>> see it looking for shadow.h or the shadow suite (correct me if I'm
>> wrong). So I think that a simple test should suffice. And perhaps a
>> variable like HAVE_SHADOW_H could be added to the config.h. I didn't
>> know that some systems have the 2 kinds of authentication, but if you say
>> so, I believe it. Nowadays, the majority of systems have some kind of
>> shadowing.
>
> You only need to add the header and function to the configure.in tests;
> the defines get automatically defined from there.
>
>> passwords. I can write a new helper using the getspnam function or can
>> modify the getpwnam helper to do both the authentications. I believe
>> that the second is the most desirable, because on the systems you
>> mentioned (that have both methods), only some users would authenticate
>> (i.e. the ones that the helper you are using can authenticate).
>
> I am fine with either way. No strong opinion in either direction.
>
>> Anyway, the helper should be run with the suid root bit set, or could
>> use some kind of privilege separation. The plugin I wrote does this. So
>> even if the OpenVPN process drops its privileges and is run in a chroot,
>> users still authenticate, because my plugin does a fork() and leaves a
>> background process running as root. And a new configure test should be
>> made to look for the shadow suite.
>
> With Squid we do not have such luxury of being able to fork off before.
> The helpers always get started after chrooting and dropping privileges,
> and helpers needing special privileges need to be privileged to restore
> them (i.e. set-user-id or similar).
>
> Regards
> Henrik

Right. I'll write the patch to the getpwnam.c and configure.in files. Does this helper have some kind of documentation? If not, I'm willing to write it too. I'll get in contact when I have some code.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
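
The thread settles on a single helper that consults both getspnam and getpwnam. As an added example (not Squid's helper and not the patch promised above), the C code below shows one way such a helper could choose which stored hash to verify against while failing closed when it lacks the privilege to read the shadow database. The names `usable_hash`, `select_hash` and `stored_hash` are hypothetical, `HAVE_SHADOW_H` is defined by hand in place of the configure test, and the crypt(3) comparison against the selected hash is left out.

```c
/* Added example, not Squid source. HAVE_SHADOW_H would normally come from
 * configure; it is defined by hand here on the assumption of a Linux/glibc build. */
#define HAVE_SHADOW_H 1
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif

/* "x", "*", "" and anything starting with '!' or '*' are placeholders or
 * locked-account markers, never a hash that crypt(3) output can match. */
static int usable_hash(const char *h)
{
    return h != NULL && strlen(h) > 1 && h[0] != '!' && h[0] != '*';
}

/* Pick the hash to verify against. sp_pwdp is NULL when no shadow entry could
 * be read. A shadow entry, when present, is authoritative: a locked shadow
 * entry must not fall back to whatever is in the passwd field. */
const char *select_hash(const char *pw_passwd, const char *sp_pwdp)
{
    if (sp_pwdp != NULL)
        return usable_hash(sp_pwdp) ? sp_pwdp : NULL;
    return usable_hash(pw_passwd) ? pw_passwd : NULL;
}

/* Look the user up in both databases; NULL means the helper answers ERR. */
const char *stored_hash(const char *user)
{
    const char *sp_hash = NULL;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return NULL;
#ifdef HAVE_SHADOW_H
    struct spwd *sp = getspnam(user); /* NULL unless privileged to read shadow */
    if (sp != NULL)
        sp_hash = sp->sp_pwdp;
#endif
    return select_hash(pw->pw_passwd, sp_hash);
}

/* Diagnostic: run as the helper's user to see whether it can reach a hash.
 * Only the outcome is printed, never the hash itself. */
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], stored_hash(argv[i]) ? "hash readable" : "no usable hash");
    return 0;
}
```

Run unprivileged on a shadowed system, the diagnostic reports "no usable hash" for every account, which is the situation the set-user-id discussion above is about.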
