-.TH pam_auth 8 "15 May 2002" "Squid PAM Auth"
+.TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth"
.
.SH NAME
pam_auth - Squid PAM authentication helper
.
.TP
.BI "-t " TTL
-Unless the -1 option is used, this specified for how long
-the connection to the PAM database should be kept open and
-reused for new logins. Defaults to 60 seconds.
+Enables persistent PAM connections where the connection to the PAM
+database is kept open and reused for new logins. The TTL specifies
+how long the connetion will be kept open (in seconds). Default is
+to not keep PAM connections open. Please note that the use of
+persistent PAM connections is slightly outside the PAM
+specification and may not work with all PAM configurations.
.
.TP
.BI "-o"
Do not perform the PAM account management group (account
expiration etc)
-.TP
-.BI "-1"
-Specifies "One shot" mode, where a new PAM connection will
-be opened for each new user. This is how PAM is normally
-used and may be required by some backend databases.
-The default is to reuse the PAM connection to maximize
-performance. (see -t above)
.
.SH CONFIGURATION
.
/*
- * $Id: pam_auth.c,v 1.12 2003/01/23 00:35:35 robertc Exp $
+ * $Id: pam_auth.c,v 1.13 2003/11/05 09:37:43 hno Exp $
*
* PAM authenticator module for Squid.
- * Copyright (C) 1999,2002 Henrik Nordstrom <hno@squid-cache.org>
+ * Copyright (C) 1999,2002,2003 Henrik Nordstrom <hno@squid-cache.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* Change Log:
*
+ * Version 2.2, 2003-11-05
+ * One shot mode is now the default mode of operation
+ * with persistent PAM connections enabled by -t option.
+ * Support for clearing the PAM_AUTHTOK attribute on
+ * persistent PAM connections.
+ *
+ * Version 2.1, 2002-08-12
+ * Squid-2.5 support (URL encoded login, password strings)
+ *
* Version 2.0, 2002-01-07
* One shot mode, command line options
* man page
/* The default TTL */
#ifndef DEFAULT_SQUID_PAM_TTL
-#define DEFAULT_SQUID_PAM_TTL 60
+#define DEFAULT_SQUID_PAM_TTL 0
#endif
static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */
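Review bot: The comment above `DEFAULT_SQUID_PAM_TTL` does not say what the new value 0 means, and the `#ifndef` guard lets a build that still defines its own value keep persistent connections on without anyone noticing. I would replace it with `/* Default TTL (seconds) for persistent PAM connections; 0 = one shot, a new PAM connection per login */`. That lets someone auditing build flags see that any non-zero override re-enables the mode the man page now describes as slightly outside the PAM specification.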
}
pamh_created = time(NULL);
}
+ /* Authentication */
retval = PAM_SUCCESS;
if (ttl != 0) {
if (retval == PAM_SUCCESS)
retval = pam_set_item(pamh, PAM_USER, user);
- if (retval == PAM_SUCCESS)
- retval = pam_set_item(pamh, PAM_CONV, &conv);
}
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
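Review bot: Inside `if (ttl != 0)` the guard `if (retval == PAM_SUCCESS)` before `pam_set_item(pamh, PAM_USER, user)` can no longer be false, because `retval` is assigned `PAM_SUCCESS` two lines earlier and nothing else remains in the block. `if (ttl != 0) retval = pam_set_item(pamh, PAM_USER, user);` reads more directly. It would also help to extend the new `/* Authentication */` comment to say that a reused handle relies on the cleanup after the previous login for its PAM_CONV and PAM_AUTHTOK state, since that reset no longer happens here. The enclosing function starts and ends outside this hunk.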
error:
fprintf(stdout, "ERR\n");
}
- if (ttl == 0) {
+ /* cleanup */
+ if (ttl != 0) {
+ retval = pam_set_item(pamh, PAM_CONV, &conv);
+#ifdef PAM_AUTHTOK
+ if (retval == PAM_SUCCESS)
+ retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+#endif
+ }
+ if (ttl == 0 || retval != PAM_SUCCESS) {
retval = pam_end(pamh, retval);
if (retval != PAM_SUCCESS) {
fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
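Review bot: When `PAM_AUTHTOK` is not visible to the preprocessor, the `#ifdef` in the cleanup block drops the token reset silently, so a persistent handle would carry the previous user's authentication token into the next login. That includes any PAM implementation that declares its item types as enum constants rather than macros, which is worth checking per platform. Consider failing closed there, e.g. `#else` followed by `retval = PAM_SYSTEM_ERR; /* cannot clear PAM_AUTHTOK, do not reuse pamh */`, so the handle is ended through the `retval != PAM_SUCCESS` test. Separately, on the persistent path `retval = pam_set_item(pamh, PAM_CONV, &conv);` overwrites the authentication result, so `pam_end(pamh, retval)` receives the cleanup status rather than the login outcome. The block is also reached from the `error:` label, so confirm that no `goto error` is taken before `pamh` is valid; those jumps, like the rest of the enclosing function, are outside this hunk.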