[thirdparty/squid.git] / src / auth / basic / PAM / basic_pam_auth.8

.if !'po4a'hide' .TH basic_pam_auth 8 "5 Sep 2003"
.
.SH NAME
basic_pam_auth \- PAM Basic authentication helper for Squid
.
.SH SYNOPSIS
.if !'po4a'hide' .B "basic_pam_auth [\-n \""
service name
.if !'po4a'hide' .B "\"] [\-t "
TTL
.if !'po4a'hide' .B "] [\-o] [\-1]"
.
.SH DESCRIPTION
.B basic_pam_auth
allows Squid to connect to a mostly any available PAM
database to validate the user name and password of Basic HTTP
authentication.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B "\-s " "service\-name"
Specifies the PAM service name Squid uses, defaults to
.B squid
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-t " TTL
Enables persistent PAM connections where the connection to the PAM
database is kept open and reused for new logins. The TTL specifies
how long the connection will be kept open (in seconds).  Default is
to not keep PAM connections open. Please note that the use of
persistent PAM connections is slightly outside the PAM
specification and may not work with all PAM configurations.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-o
Do not perform the PAM account management group (account
expiration etc)
.
.SH CONFIGURATION
The program needs a PAM service to be configured in 
.BR /etc/pam.conf
or
.BR /etc/pam.d/squid
.PP
The default service name is
.B squid
, and the program makes use of the
.B auth
and
.B account
management groups to verify the password and the accounts validity.
.PP
For details on how to configure PAM services, see the PAM
documentation for your system. This manual does not cover PAM
configuration details.
.
.SH NOTES
.
When used for authenticating to local UNIX shadow password databases
the program must be running as root or else it won't have sufficient
permissions to access the user password database. Such use of this
program is not recommended, but if you absolutely need to then make
the program setuid root
.if !'po4a'hide' .RS
.if !'po4a'hide' .P
.if !'po4a'hide' .B chown root basic_pam_auth
.if !'po4a'hide' .br
.if !'po4a'hide' .B chmod u+s basic_pam_auth
.if !'po4a'hide' .RE
.PP
Please note that in such configurations it is also strongly recommended
that the program is moved into a directory where normal users cannot
access it, as this mode of operation will allow any local user to
brute-force other users passwords. Also note the program has not been
fully audited and the author cannot be held responsible for any security
issues due to such installations.
.
.SH AUTHOR
This program and documentation was written by
.if !'po4a'hide' .I Henrik Nordstrom <hno@squid-cache.org>
.
.SH COPYRIGHT
.PP
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
.PP
Squid
.B basic_pam_auth
and this manual is Copyright 1999,2002,2003
.if !'po4a'hide' .I Henrik Nordstrom <hno@squid-cache.org>
.
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@lists.squid-cache.org>
.
.SH REPORTING BUGS
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@lists.squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@lists.squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR pam "(3), "
.if !'po4a'hide' .BR pam.conf "(5), "
.if !'po4a'hide' .BR chown "(1), "
.if !'po4a'hide' .BR chmod "(1), "
.if !'po4a'hide' .BR GPL "(7), "
.br
PAM Systems Administrator Guide
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Commit	Line	Data
980909fd	1	.if !'po4a'hide' .TH basic_pam_auth 8 "5 Sep 2003"
fab7a87e	2	.
fab7a87e	3	.SH NAME
d632afde	4	basic_pam_auth \- PAM Basic authentication helper for Squid
fab7a87e	5	.
fab7a87e	6	.SH SYNOPSIS
980909fd AJ	7	.if !'po4a'hide' .B "basic_pam_auth [\-n \""
980909fd AJ	8	service name
b8e70af0	9	.if !'po4a'hide' .B "\"] [\-t "
980909fd AJ	10	TTL
980909fd AJ	11	.if !'po4a'hide' .B "] [\-o] [\-1]"
fab7a87e	12	.
fab7a87e	13	.SH DESCRIPTION
92a0c1e0 AJ	14	.B basic_pam_auth
92a0c1e0 AJ	15	allows Squid to connect to a mostly any available PAM
fab7a87e	16	database to validate the user name and password of Basic HTTP
	17	authentication.
	18	.
980909fd AJ	19	.SH OPTIONS
980909fd AJ	20	.if !'po4a'hide' .TP 12
b8e70af0	21	.if !'po4a'hide' .B "\-s " "service\-name"
92a0c1e0 AJ	22	Specifies the PAM service name Squid uses, defaults to
92a0c1e0 AJ	23	.B squid
fab7a87e	24	.
980909fd	25	.if !'po4a'hide' .TP
b8e70af0	26	.if !'po4a'hide' .B "\-t " TTL
2900aadb	27	Enables persistent PAM connections where the connection to the PAM
2900aadb	28	database is kept open and reused for new logins. The TTL specifies
34de5a0a	29	how long the connection will be kept open (in seconds). Default is
2900aadb	30	to not keep PAM connections open. Please note that the use of
	31	persistent PAM connections is slightly outside the PAM
	32	specification and may not work with all PAM configurations.
fab7a87e	33	.
980909fd	34	.if !'po4a'hide' .TP
b8e70af0	35	.if !'po4a'hide' .B \-o
1a44d781	36	Do not perform the PAM account management group (account
1a44d781	37	expiration etc)
fab7a87e	38	.
fab7a87e	39	.SH CONFIGURATION
fab7a87e	40	The program needs a PAM service to be configured in
92a0c1e0	41	.BR /etc/pam.conf
fab7a87e	42	or
92a0c1e0	43	.BR /etc/pam.d/squid
8c2b74bc	44	.PP
92a0c1e0	45	The default service name is
56834b2a	46	.B squid
92a0c1e0	47	, and the program makes use of the
56834b2a AJ	48	.B auth
	49	and
	50	.B account
fab7a87e	51	management groups to verify the password and the accounts validity.
8c2b74bc	52	.PP
fab7a87e	53	For details on how to configure PAM services, see the PAM
	54	documentation for your system. This manual does not cover PAM
	55	configuration details.
	56	.
	57	.SH NOTES
	58	.
	59	When used for authenticating to local UNIX shadow password databases
	60	the program must be running as root or else it won't have sufficient
	61	permissions to access the user password database. Such use of this
	62	program is not recommended, but if you absolutely need to then make
	63	the program setuid root
8c2b74bc AJ	64	.if !'po4a'hide' .RS
8c2b74bc AJ	65	.if !'po4a'hide' .P
4ac1334a	66	.if !'po4a'hide' .B chown root basic_pam_auth
8c2b74bc	67	.if !'po4a'hide' .br
4ac1334a	68	.if !'po4a'hide' .B chmod u+s basic_pam_auth
8c2b74bc	69	.if !'po4a'hide' .RE
980909fd	70	.PP
fab7a87e	71	Please note that in such configurations it is also strongly recommended
	72	that the program is moved into a directory where normal users cannot
	73	access it, as this mode of operation will allow any local user to
	74	brute-force other users passwords. Also note the program has not been
	75	fully audited and the author cannot be held responsible for any security
	76	issues due to such installations.
	77	.
	78	.SH AUTHOR
980909fd	79	This program and documentation was written by
8c2b74bc	80	.if !'po4a'hide' .I Henrik Nordstrom <hno@squid-cache.org>
fab7a87e	81	.
cbee2c76	82	.SH COPYRIGHT
5b95b903	83	.PP
77b1029d	84	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
5b95b903 AJ	85	*
	86	* Squid software is distributed under GPLv2+ license and includes
	87	* contributions from numerous individuals and organizations.
	88	* Please see the COPYING and CONTRIBUTORS files for details.
ca02e0ec AJ	89	.PP
	90	Squid
	91	.B basic_pam_auth
	92	and this manual is Copyright 1999,2002,2003
	93	.if !'po4a'hide' .I Henrik Nordstrom <hno@squid-cache.org>
	94	.
	95	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
92a0c1e0	96	.
fab7a87e	97	.SH QUESTIONS
fab7a87e	98	Questions on the usage of this program can be sent to the
8c2b74bc	99	.I Squid Users mailing list
8311b837	100	.if !'po4a'hide' <squid-users@lists.squid-cache.org>
fab7a87e	101	.
fab7a87e	102	.SH REPORTING BUGS
c871f41e AJ	103	Bug reports need to be made in English.
	104	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	105	.PP
8c2b74bc	106	Report bugs or bug fixes using http://bugs.squid-cache.org/
980909fd	107	.PP
8c2b74bc	108	Report serious security bugs to
8311b837	109	.I Squid Bugs <squid-bugs@lists.squid-cache.org>
980909fd	110	.PP
8c2b74bc AJ	111	Report ideas for new improvements to the
8c2b74bc AJ	112	.I Squid Developers mailing list
8311b837	113	.if !'po4a'hide' <squid-dev@lists.squid-cache.org>
fab7a87e	114	.
980909fd AJ	115	.SH SEE ALSO
980909fd AJ	116	.if !'po4a'hide' .BR squid "(8), "
4ac1334a	117	.if !'po4a'hide' .BR pam "(3), "
980909fd	118	.if !'po4a'hide' .BR pam.conf "(5), "
92a0c1e0 AJ	119	.if !'po4a'hide' .BR chown "(1), "
92a0c1e0 AJ	120	.if !'po4a'hide' .BR chmod "(1), "
6d5cbee6	121	.if !'po4a'hide' .BR GPL "(7), "
980909fd	122	.br
8c2b74bc	123	PAM Systems Administrator Guide
6d5cbee6 AJ	124	.br
	125	The Squid FAQ wiki
	126	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
	127	.br
	128	The Squid Configuration Manual
	129	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
	130