]>
Commit | Line | Data |
---|---|---|
83915266 | 1 | .if !'po4a'hide' .TH basic_getpwnam_auth 8 |
acb775ad AJ |
2 | . |
3 | .SH NAME | |
d632afde | 4 | basic_getpwnam_auth \- Local Users auth helper for Squid |
acb775ad AJ |
5 | . |
6 | .SH SYNOPSIS | |
8c2b74bc | 7 | .if !'po4a'hide' .B basic_getpwnam_auth |
acb775ad AJ |
8 | . |
9 | .SH DESCRIPTION | |
83915266 AJ |
10 | .B basic_getpwnam_auth |
11 | allows Squid to authenticate any local user accounts | |
acb775ad | 12 | to validate the user name and password of Basic HTTP authentication. |
8c2b74bc | 13 | .PP |
83915266 | 14 | It uses |
8c2b74bc AJ |
15 | .B getpwnam() |
16 | and | |
17 | .B getspnam() | |
18 | routines for authentication. | |
83915266 | 19 | .PP |
acb775ad | 20 | This has the following advantages over the NCSA module: |
b8e70af0 AJ |
21 | .if !'po4a'hide' .TP 5 |
22 | \- Allows authentication of all known local users | |
23 | . | |
24 | .if !'po4a'hide' .TP | |
25 | \- Allows authentication through nsswitch.conf | |
26 | . | |
27 | .if !'po4a'hide' .TP | |
28 | \- Can handle NIS(+) requests | |
29 | . | |
30 | .if !'po4a'hide' .TP | |
31 | \- Can handle LDAP requests | |
32 | . | |
33 | .if !'po4a'hide' .TP | |
34 | \- Can handle PAM requests | |
acb775ad | 35 | . |
980909fd | 36 | .SH CONFIGURATION |
8c2b74bc AJ |
37 | .if !'po4a'hide' .RS |
38 | .if !'po4a'hide' .B auth_param basic program /path/to/basic_getpwnam_auth | |
b8e70af0 | 39 | .if !'po4a'hide' .br |
83915266 | 40 | .if !'po4a'hide' .B auth_param basic children concurrency=1 |
8c2b74bc | 41 | .if !'po4a'hide' .RE |
83915266 | 42 | .PP |
acb775ad AJ |
43 | When used for authenticating to local UNIX shadow password databases |
44 | the program must be running as root or else it won't have sufficient | |
45 | permissions to access the user password database. Such use of this | |
46 | program is not recommended, but if you absolutely need to then make | |
8c2b74bc AJ |
47 | the program |
48 | .B setuid | |
49 | .B root | |
50 | .if !'po4a'hide' .RS | |
8c2b74bc | 51 | .if !'po4a'hide' .B chown root basic_getpwnam_auth |
b8e70af0 | 52 | .if !'po4a'hide' .br |
8c2b74bc AJ |
53 | .if !'po4a'hide' .B chmod u+s basic_getpwnam_auth |
54 | .if !'po4a'hide' .RE | |
83915266 | 55 | .PP |
acb775ad AJ |
56 | Please note that in such configurations it is also strongly recommended |
57 | that the program is moved into a directory where normal users cannot | |
58 | access it, as this mode of operation will allow any local user to | |
59 | brute-force other users passwords. Also note the program has not been | |
60 | fully audited and the author cannot be held responsible for any security | |
61 | issues due to such installations. | |
62 | . | |
63 | .SH AUTHOR | |
8c2b74bc AJ |
64 | This program was written by |
65 | .if !'po4a'hide' .I Erik Hofman <erik.hofman@a1.nl> | |
66 | .if !'po4a'hide' .I Robin Elfrink <robin@a1.nl> | |
67 | .if !'po4a'hide' .I Giancarlo Razzolini <linux-fan@onda.com.br> | |
83915266 | 68 | .PP |
acb775ad | 69 | Based on original code by |
8c2b74bc | 70 | .if !'po4a'hide' .I Jon Thackray <jrmt@uk.gdscorp.com>. |
83915266 | 71 | .PP |
8c2b74bc | 72 | This manual was written by |
2da9607e | 73 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> |
acb775ad AJ |
74 | . |
75 | .SH COPYRIGHT | |
5b95b903 | 76 | .PP |
4ac4a490 | 77 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
5b95b903 AJ |
78 | * |
79 | * Squid software is distributed under GPLv2+ license and includes | |
80 | * contributions from numerous individuals and organizations. | |
81 | * Please see the COPYING and CONTRIBUTORS files for details. | |
82 | .PP | |
92a0c1e0 | 83 | This program and documentation is copyright to the authors named above. |
83915266 | 84 | .PP |
c871f41e | 85 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). |
acb775ad AJ |
86 | . |
87 | .SH QUESTIONS | |
88 | Questions on the usage of this program can be sent to the | |
8c2b74bc AJ |
89 | .I Squid Users mailing list |
90 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
acb775ad AJ |
91 | . |
92 | .SH REPORTING BUGS | |
c871f41e AJ |
93 | Bug reports need to be made in English. |
94 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
95 | .PP | |
8c2b74bc | 96 | Report bugs or bug fixes using http://bugs.squid-cache.org/ |
83915266 | 97 | .PP |
8c2b74bc | 98 | Report serious security bugs to |
acb775ad | 99 | .I Squid Bugs <squid-bugs@squid-cache.org> |
83915266 | 100 | .PP |
8c2b74bc AJ |
101 | Report ideas for new improvements to the |
102 | .I Squid Developers mailing list | |
103 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
acb775ad | 104 | . |
83915266 AJ |
105 | .SH SEE ALSO |
106 | .if !'po4a'hide' .BR squid "(8), " | |
107 | .if !'po4a'hide' .BR basic_pam_auth "(8), " | |
108 | .if !'po4a'hide' .BR basic_ncsa_auth "(8), " | |
92a0c1e0 AJ |
109 | .if !'po4a'hide' .BR basic_ldap_auth "(8), " |
110 | .if !'po4a'hide' .BR basic_nis_auth "(8), " | |
111 | .if !'po4a'hide' .BR chown "(1), " | |
112 | .if !'po4a'hide' .BR chmod "(1), " | |
113 | .if !'po4a'hide' .BR nsswitch.conf "(5), " | |
114 | .if !'po4a'hide' .BR getpwnam "(3), " | |
6d5cbee6 AJ |
115 | .if !'po4a'hide' .BR getspnam "(3), " |
116 | .if !'po4a'hide' .BR GPL "(7), " | |
117 | .br | |
118 | The Squid FAQ wiki | |
119 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
120 | .br | |
121 | The Squid Configuration Manual | |
122 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ | |
123 |