zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Squid3 pam_auth

March 28, 2013 by Igor Drobot 2 Comments

squid logo

Target of this Squid3 implementation is to authenticate against PAM.
It’s also possible to create a virtual user list, but if you have already a system with a bunch of system accounts. So here it is:

1
2
3
from /etc/pam.d/squid
auth     required /lib/security/pam_unix.so
account  required /lib/security/pam_unix.so

from /etc/pam.d/squid auth required /lib/security/pam_unix.so account required /lib/security/pam_unix.so

1
2
3
4
5
6
7
8
from /etc/squid3/squid.conf
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Proxy-Server proxy.drobot.de
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off
acl checkpw proxy_auth REQUIRED
http_access allow checkpw all

from /etc/squid3/squid.conf auth_param basic program /usr/lib/squid3/pam_auth auth_param basic children 5 auth_param basic realm Proxy-Server proxy.drobot.de auth_param basic credentialsttl 8 hours auth_param basic casesensitive off acl checkpw proxy_auth REQUIRED http_access allow checkpw all

After successful implementation of squid_auth users are still unable to authenticate via pam, from the auth.log

pam_unix(squid:auth): authentication failure; logname= uid=13 euid=13 tty= ruser= rhost= user=root

Setting permissions will solve this problem:

1
chmod u+s /usr/lib/squid3/pam_auth

chmod u+s /usr/lib/squid3/pam_auth

Change diff:

1
2
-rwxr-xr-x 1 root root 15280 Feb 23 17:12 /usr/lib/squid3/pam_auth
-rwsr-xr-x 1 root root 15280 Feb 23 17:12 /usr/lib/squid3/pam_auth

-rwxr-xr-x 1 root root 15280 Feb 23 17:12 /usr/lib/squid3/pam_auth -rwsr-xr-x 1 root root 15280 Feb 23 17:12 /usr/lib/squid3/pam_auth

Filed Under: Linux Tagged With: PAM Authentication, Proxy, Squid3

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Comments

  1. zeldor says

    May 1, 2013 at 18:39

    Ciantic, you need to fix permissions for “pam_unix.so” only if you have problem with authentication.

    Please try to find this lib:

    1
    
    updatedb && locate pam_unix.so

    updatedb && locate pam_unix.so

    I mean pam_unix.so library is installed by default on your system.

  2. Ciantic says

    May 1, 2013 at 18:11

    Ubuntu 12.04.2 LTS

    I don’t have /lib/security/pam_unix.so file, I did however found out that installing “libpam-unix2” package it installs pam_unix2.so but it doesn’t work with that.

    How did you get pam_unix.so file?

    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok