.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-v 2|3"
-LDAP protocol version. Defaults to 3 if not specified.
+LDAP protocol version. Defaults to
+.B 3
+if not specified.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .BI \-Z
you need to specify is usually the base DN under where your users
are located and the server name:
.IP
+.if !'po4a'hide' .RS
.if !'po4a'hide' .B basic_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver
+.if !'po4a'hide' .RE
.PP
If you have sub\-domains then you need to use a search filter approach
to locate your user DNs as these can no longer be constructed direcly
from the base DN and login name alone:
.IP
+.if !'po4a'hide' .RS
.if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver
+.if !'po4a'hide' .RE
.PP
And similarily if you only want to allow access to users having a
specific attribute
.IP
+.if !'po4a'hide' .RS
.if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver
+.if !'po4a'hide' .RE
.PP
Or if the user attribute of the user DN is
.B "cn"
and you do not want to have to search for the users then you could use something
like the following example for Active Directory:
.IP
+.if !'po4a'hide' .RS
.if !'po4a'hide' .B basic_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver
+.if !'po4a'hide' .RE
.PP
If you want to search for the user DN and your directory does not allow
anonymous searches then you must also use the
flags to specify a user DN and password to log in as to perform the searches, as in the
following complex Active Directory example
.IP
+.if !'po4a'hide' .RS
.if !'po4a'hide' .B basic_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver
+.if !'po4a'hide' .RE
.
.PP
.B NOTE:
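Review bot: each example here is now built as .IP, then .RS, the command, then .RE, which stacks two indentation mechanisms on one line of text, while the CONFIGURATION examples for basic_ncsa_auth and basic_getpwnam_auth in this same patch use .RS/.RE alone. Drop the .IP in front of each new .RS (or keep .IP and leave out the .RS/.RE pair) so every example block is constructed the same way. Since the last example is being touched anyway: it passes the bind password as -w "secretsquidpassword" on the helper command line, and a sentence next to it saying that the password is then readable by anyone who can read that command line would be worth adding.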
It must have permissions to be read by the user that Squid is running as.
.
.SH CONFIGURATION
-.if !'po4a'hide' .B basic_ncsa_auth /etc/squid/squid.pass
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B basic_ncsa_auth /etc/squid/squid.pass
+.if !'po4a'hide' .RE
.PP
.B basic_ncsa_auth
must have access to the password file to be executed.
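Review bot: the example directly under .SH CONFIGURATION is only the helper invocation, basic_ncsa_auth /etc/squid/squid.pass, with no squid.conf directive around it, whereas the basic_getpwnam_auth page in this patch shows the full line, auth_param basic program /path/to/basic_getpwnam_auth. Suggest writing this one as an auth_param basic program line as well, so the section shows what actually goes into the configuration. The sentence after it, "must have access to the password file to be executed", would also read better as a statement about read access to the file.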
.if !'po4a'hide' .I Rodrigo Rubira Branco <rrbranco@br.ibm.com>
.
.SH COPYRIGHT
-.RS
+.PP
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the GNU General Public License for more details.
.
+.PP
You should have received a copy of the GNU General Public License
along with this file; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111\-1307 USA
-.RE
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.SH SYNOPSIS
.if !'po4a'hide' .B "basic_pam_auth [\-n \""
service name
-.if !'po4a'hide'.B "\"] [\-t "
+.if !'po4a'hide' .B "\"] [\-t "
TTL
.if !'po4a'hide' .B "] [\-o] [\-1]"
.
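Review bot: the SYNOPSIS still gives the service name option as \-n ("[\-n \"service name\"]"), but the OPTIONS section of the same page documents it as \-s service\-name. The whitespace fix on the "\"] [\-t " line is fine; while this line group is open, make the two sections agree on the option letter the helper actually accepts.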
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
-.if !'po4a'hide' .BI "\-s " "service\-name"
+.if !'po4a'hide' .B "\-s " "service\-name"
Specifies the PAM service name Squid uses, defaults to
.B squid
.
.if !'po4a'hide' .TP
-.if !'po4a'hide' .BI "\-t " TTL
+.if !'po4a'hide' .B "\-t " TTL
Enables persistent PAM connections where the connection to the PAM
database is kept open and reused for new logins. The TTL specifies
how long the connection will be kept open (in seconds). Default is
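Review bot: switching .BI to .B on the "\-s " "service\-name" and "\-t " TTL lines changes the rendering, not just the macro name. .BI alternates bold and italic with no space between arguments, so the placeholder was set in italic directly after the flag; .B sets every argument in bold and joins them with a space, so service\-name and TTL now look like literal text and "\-s " gains a second space. Keep .BI for the options that take an argument and use .B only for flags without one.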
specification and may not work with all PAM configurations.
.
.if !'po4a'hide' .TP
-.if !'po4a'hide' .BI \-o
+.if !'po4a'hide' .B \-o
Do not perform the PAM account management group (account
expiration etc)
.
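Review bot: the description of \-o, "Do not perform the PAM account management group (account expiration etc)", does not say what that means for access control. With the account checks skipped, a login whose password is still valid is accepted even when the account itself has expired. One added sentence stating this, and that \-o should only be used where that is intended, would make the option safer to pick from the man page alone.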
routines for authentication.
.PP
This has the following advantages over the NCSA module:
-.TP 5
-Allows authentication of all known local users
-.TP
-Allows authentication through nsswitch.conf
-.TP
-Can handle NIS(+) requests
-.TP
-Can handle LDAP requests
-.TP
-Can handle PAM requests
+.if !'po4a'hide' .TP 5
+\- Allows authentication of all known local users
+.
+.if !'po4a'hide' .TP
+\- Allows authentication through nsswitch.conf
+.
+.if !'po4a'hide' .TP
+\- Can handle NIS(+) requests
+.
+.if !'po4a'hide' .TP
+\- Can handle LDAP requests
+.
+.if !'po4a'hide' .TP
+\- Can handle PAM requests
.
.SH CONFIGURATION
.if !'po4a'hide' .RS
.if !'po4a'hide' .B auth_param basic program /path/to/basic_getpwnam_auth
+.if !'po4a'hide' .br
.if !'po4a'hide' .B auth_param basic children concurrency=1
.if !'po4a'hide' .RE
.PP
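Review bot: the advantages list is still built from .TP, now with a hand-written "\- " in front of each item. .TP treats the next input line as the tag and expects the paragraph body after it, so every item here is a tag with an empty body followed by a "." line, and the 5-column indent from .TP 5 is exceeded by each tag. A bullet list is normally written as .IP \(bu 2 (or .IP \- 2) followed by the item text, which gives the same appearance without the empty tagged paragraphs. The added .br between the two auth_param lines looks right.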
.B setuid
.B root
.if !'po4a'hide' .RS
-.if !'po4a'hide' .P
.if !'po4a'hide' .B chown root basic_getpwnam_auth
-.if !'po4a'hide' .BR
+.if !'po4a'hide' .br
.if !'po4a'hide' .B chmod u+s basic_getpwnam_auth
.if !'po4a'hide' .RE
.PP
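Review bot: replacing .BR with .br is correct, since .BR is the bold/roman font macro and not a line break. On the content of the example itself: chown root followed by chmod u+s leaves the group and other permission bits of the setuid-root helper as they were, so any local user who can execute the file can run it. Suggest extending the example so the helper is executable only by root and the group Squid runs under, and mentioning that restriction in the surrounding text.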