md5 crypt and ncsa_auth

Michael Cohen michael.cohen at
Thu Feb 27 17:51:59 EST 2003

Hash: SHA1

Wouldnt you be able to use other pam modules in conjunction with pam_auth to 
achieve this. Would pam_auth just look in /etc/pam.d/squid to look at the 
authentication files and then you could simply mix in whatever other pam 
stuff you need (like pam_time or pam_access for example).


On Wed 26 Feb 03 19:17, Joel Pearson wrote:
> That's not quite how I want to do it, I want to be able to copy the hashes
> out of the shadow password file into another file and then authenticate
> from the other file.
> The reason I want this is because I don't always want to allow all users to
> be able to use the proxy all the time.  Say if I want to disable a specific
> user from using the proxy I could just remove them from the squid password
> file.  But if I was directly using the shadow password file, users wouldn't
> be able to log on if I removed them from the shadow password file.
> So I think I'm still where I started, would it be hard to mod the ncsa_auth
> program to be able to authenticate from the hashes in the shadow password
> file?  Or is there some way to point the pam module to look at something
> other than the shadow password file?
> Thanks
> "Brett Worth" <brettw at> wrote in message
> news:Pine.LNX.4.44.0302261851090.6124-100000 at
> > On Wed, 26 Feb 2003, Joel Pearson wrote:
> > > Now on the 2nd  part of the question, how hard would it be to change
> > > the attached code ncsa_auth.c to support md5 crypt as opposed to just
> > > crypt?
> >
> > Are you trying to get squid to do shadow password authentication?
> > If so then you probably want pam_auth.
> >
> > Take a look at:
> >
> >
> > There you'll find detailed instructions on how to set it up.
> >
> > I just checked it and it does work on RH8.0.  The suid u+s on
> > /usr/lib/squid/pam_auth is required unfortunately.
> >
> > --
> > Brett
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see


More information about the linux mailing list