From: Amos Jeffries Date: Fri, 17 Sep 2010 10:54:47 +0000 (+1200) Subject: More manuals documentation updates X-Git-Tag: take1~254 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8e70af0144b309af9d9edd591fdcbbba022ccd6;p=thirdparty%2Fsquid.git More manuals documentation updates --- diff --git a/helpers/basic_auth/LDAP/basic_ldap_auth.8 b/helpers/basic_auth/LDAP/basic_ldap_auth.8 index 53b8fab2b4..30e28d1db6 100644 --- a/helpers/basic_auth/LDAP/basic_ldap_auth.8 +++ b/helpers/basic_auth/LDAP/basic_ldap_auth.8 @@ -212,7 +212,9 @@ server specificiation by using servername:port syntax. . .if !'po4a'hide' .TP .if !'po4a'hide' .B "\-v 2|3" -LDAP protocol version. Defaults to 3 if not specified. +LDAP protocol version. Defaults to +.B 3 +if not specified. . .if !'po4a'hide' .TP .if !'po4a'hide' .BI \-Z @@ -244,18 +246,24 @@ For directories using the RFC2307 layout with a single domain, all you need to specify is usually the base DN under where your users are located and the server name: .IP +.if !'po4a'hide' .RS .if !'po4a'hide' .B basic_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver +.if !'po4a'hide' .RE .PP If you have sub\-domains then you need to use a search filter approach to locate your user DNs as these can no longer be constructed direcly from the base DN and login name alone: .IP +.if !'po4a'hide' .RS .if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver +.if !'po4a'hide' .RE .PP And similarily if you only want to allow access to users having a specific attribute .IP +.if !'po4a'hide' .RS .if !'po4a'hide' .B basic_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver +.if !'po4a'hide' .RE .PP Or if the user attribute of the user DN is .B "cn" @@ -264,7 +272,9 @@ instead of and you do not want to have to search for the users then you could use something like the following example for Active Directory: .IP +.if !'po4a'hide' .RS .if !'po4a'hide' .B basic_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver +.if !'po4a'hide' .RE .PP If you want to search for the user DN and your directory does not allow anonymous searches then you must also use the @@ -274,7 +284,9 @@ and flags to specify a user DN and password to log in as to perform the searches, as in the following complex Active Directory example .IP +.if !'po4a'hide' .RS .if !'po4a'hide' .B basic_ldap_auth -P -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver +.if !'po4a'hide' .RE . .PP .B NOTE: diff --git a/helpers/basic_auth/NCSA/basic_ncsa_auth.8 b/helpers/basic_auth/NCSA/basic_ncsa_auth.8 index 3d7e42a235..b6683124a0 100644 --- a/helpers/basic_auth/NCSA/basic_ncsa_auth.8 +++ b/helpers/basic_auth/NCSA/basic_ncsa_auth.8 @@ -22,7 +22,9 @@ The only parameter is the password file. It must have permissions to be read by the user that Squid is running as. . .SH CONFIGURATION -.if !'po4a'hide' .B basic_ncsa_auth /etc/squid/squid.pass +.if !'po4a'hide' .RS +.if !'po4a'hide' .B basic_ncsa_auth /etc/squid/squid.pass +.if !'po4a'hide' .RE .PP .B basic_ncsa_auth must have access to the password file to be executed. @@ -35,17 +37,17 @@ Based on original documentation by .if !'po4a'hide' .I Rodrigo Rubira Branco . .SH COPYRIGHT -.RS +.PP This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . +.PP You should have received a copy of the GNU General Public License along with this file; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111\-1307 USA -.RE . .SH QUESTIONS Questions on the usage of this program can be sent to the diff --git a/helpers/basic_auth/PAM/basic_pam_auth.8 b/helpers/basic_auth/PAM/basic_pam_auth.8 index a45e83e8f1..ff9508a420 100644 --- a/helpers/basic_auth/PAM/basic_pam_auth.8 +++ b/helpers/basic_auth/PAM/basic_pam_auth.8 @@ -8,7 +8,7 @@ Squid PAM Basic authentication helper .SH SYNOPSIS .if !'po4a'hide' .B "basic_pam_auth [\-n \"" service name -.if !'po4a'hide'.B "\"] [\-t " +.if !'po4a'hide' .B "\"] [\-t " TTL .if !'po4a'hide' .B "] [\-o] [\-1]" . @@ -20,12 +20,12 @@ authentication. . .SH OPTIONS .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .BI "\-s " "service\-name" +.if !'po4a'hide' .B "\-s " "service\-name" Specifies the PAM service name Squid uses, defaults to .B squid . .if !'po4a'hide' .TP -.if !'po4a'hide' .BI "\-t " TTL +.if !'po4a'hide' .B "\-t " TTL Enables persistent PAM connections where the connection to the PAM database is kept open and reused for new logins. The TTL specifies how long the connection will be kept open (in seconds). Default is @@ -34,7 +34,7 @@ persistent PAM connections is slightly outside the PAM specification and may not work with all PAM configurations. . .if !'po4a'hide' .TP -.if !'po4a'hide' .BI \-o +.if !'po4a'hide' .B \-o Do not perform the PAM account management group (account expiration etc) . diff --git a/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 index 4df77b3922..2e84a65781 100644 --- a/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 +++ b/helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 @@ -20,20 +20,25 @@ and routines for authentication. .PP This has the following advantages over the NCSA module: -.TP 5 -Allows authentication of all known local users -.TP -Allows authentication through nsswitch.conf -.TP -Can handle NIS(+) requests -.TP -Can handle LDAP requests -.TP -Can handle PAM requests +.if !'po4a'hide' .TP 5 +\- Allows authentication of all known local users +. +.if !'po4a'hide' .TP +\- Allows authentication through nsswitch.conf +. +.if !'po4a'hide' .TP +\- Can handle NIS(+) requests +. +.if !'po4a'hide' .TP +\- Can handle LDAP requests +. +.if !'po4a'hide' .TP +\- Can handle PAM requests . .SH CONFIGURATION .if !'po4a'hide' .RS .if !'po4a'hide' .B auth_param basic program /path/to/basic_getpwnam_auth +.if !'po4a'hide' .br .if !'po4a'hide' .B auth_param basic children concurrency=1 .if !'po4a'hide' .RE .PP @@ -45,9 +50,8 @@ the program .B setuid .B root .if !'po4a'hide' .RS -.if !'po4a'hide' .P .if !'po4a'hide' .B chown root basic_getpwnam_auth -.if !'po4a'hide' .BR +.if !'po4a'hide' .br .if !'po4a'hide' .B chmod u+s basic_getpwnam_auth .if !'po4a'hide' .RE .PP