Bug 56027
Summary: | pam authentication fails | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Matt Swanson <matt.swanson> |
Component: | squid | Assignee: | Martin Stransky <stransky> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.2 | CC: | andrew |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i586 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-07 10:40:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matt Swanson
2001-11-11 06:33:59 UTC
I have just completed a commercial install and had much the same experience. I did however get slightly different results. The first user did not always validate even with known good passwords. Subsequent validations may or may not produce accurate results. I failed to find any good pattern. This was tested with the connector having been launched by hand outside of squid, so this is not a core squid issue. To confirm this I ran up a shell script that always gave an OK response and logged the username/password pairs. Squid behaved just fine. Also it should be noted that I could not get the connector to work without making it setuid root. Squid in the default install runs as a non root user and the PAM connector seems to require root permissions to run properly. There is an additional/related issue with both the PAM and NCSA authenticators, neither come as setuid root. As squid runs as a non-root account it does not have permissions to access the password database .. well not if the system is running shadow passwords anyway. I am using squid with the ncsa authenticator, and need to reset the perms on the authentication binary every time the package is upgraded. Can these files be routinely setuid root out of the box ? All of the above is still true for RH 8.0 |