md5 crypt and ncsa_auth
Michael Cohen
michael.cohen at netspeed.com.au
Thu Feb 27 17:51:59 EST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wouldnt you be able to use other pam modules in conjunction with pam_auth to
achieve this. Would pam_auth just look in /etc/pam.d/squid to look at the
authentication files and then you could simply mix in whatever other pam
stuff you need (like pam_time or pam_access for example).
Michael.
On Wed 26 Feb 03 19:17, Joel Pearson wrote:
> That's not quite how I want to do it, I want to be able to copy the hashes
> out of the shadow password file into another file and then authenticate
> from the other file.
> The reason I want this is because I don't always want to allow all users to
> be able to use the proxy all the time. Say if I want to disable a specific
> user from using the proxy I could just remove them from the squid password
> file. But if I was directly using the shadow password file, users wouldn't
> be able to log on if I removed them from the shadow password file.
>
> So I think I'm still where I started, would it be hard to mod the ncsa_auth
> program to be able to authenticate from the hashes in the shadow password
> file? Or is there some way to point the pam module to look at something
> other than the shadow password file?
>
> Thanks
>
> "Brett Worth" <brettw at cray.com> wrote in message
> news:Pine.LNX.4.44.0302261851090.6124-100000 at cbrserv.au.cray.com...
>
> > On Wed, 26 Feb 2003, Joel Pearson wrote:
> > > Now on the 2nd part of the question, how hard would it be to change
> > > the attached code ncsa_auth.c to support md5 crypt as opposed to just
> > > crypt?
> >
> > Are you trying to get squid to do shadow password authentication?
> > If so then you probably want pam_auth.
> >
> > Take a look at:
> > http://www.pcquest.com/content/linux/handson/101071104.asp
> >
> > There you'll find detailed instructions on how to set it up.
> >
> > I just checked it and it does work on RH8.0. The suid u+s on
> > /usr/lib/squid/pam_auth is required unfortunately.
> >
> > --
> > Brett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+XbWSZMnBgI6aclcRAgomAJkBgIPRniIL+iH7QBDnX8q0tPqSywCdEcZt
oJJem27IpcQ5xEAPmg72Dbs=
=kwIi
-----END PGP SIGNATURE-----
More information about the linux
mailing list