]>
Commit | Line | Data |
---|---|---|
36aa8c36 JR |
1 | Index: squid3/helpers/basic_auth/PAM/pam_auth.8 |
2 | diff -c squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 squid3/helpers/basic_auth/PAM/pam_auth.8:1.5 | |
3 | *** squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 Wed May 15 06:03:57 2002 | |
4 | --- squid3/helpers/basic_auth/PAM/pam_auth.8 Wed Nov 5 03:00:40 2003 | |
5 | *************** | |
6 | *** 1,4 **** | |
7 | ! .TH pam_auth 8 "15 May 2002" "Squid PAM Auth" | |
8 | . | |
9 | .SH NAME | |
10 | pam_auth - Squid PAM authentication helper | |
11 | --- 1,4 ---- | |
12 | ! .TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth" | |
13 | . | |
14 | .SH NAME | |
15 | pam_auth - Squid PAM authentication helper | |
16 | *************** | |
17 | *** 17,38 **** | |
18 | . | |
19 | .TP | |
20 | .BI "-t " TTL | |
21 | ! Unless the -1 option is used, this specified for how long | |
22 | ! the connection to the PAM database should be kept open and | |
23 | ! reused for new logins. Defaults to 60 seconds. | |
24 | . | |
25 | .TP | |
26 | .BI "-o" | |
27 | Do not perform the PAM account management group (account | |
28 | expiration etc) | |
29 | ||
30 | - .TP | |
31 | - .BI "-1" | |
32 | - Specifies "One shot" mode, where a new PAM connection will | |
33 | - be opened for each new user. This is how PAM is normally | |
34 | - used and may be required by some backend databases. | |
35 | - The default is to reuse the PAM connection to maximize | |
36 | - performance. (see -t above) | |
37 | . | |
38 | .SH CONFIGURATION | |
39 | . | |
40 | --- 17,34 ---- | |
41 | . | |
42 | .TP | |
43 | .BI "-t " TTL | |
44 | ! Enables persistent PAM connections where the connection to the PAM | |
45 | ! database is kept open and reused for new logins. The TTL specifies | |
46 | ! how long the connetion will be kept open (in seconds). Default is | |
47 | ! to not keep PAM connections open. Please note that the use of | |
48 | ! persistent PAM connections is slightly outside the PAM | |
49 | ! specification and may not work with all PAM configurations. | |
50 | . | |
51 | .TP | |
52 | .BI "-o" | |
53 | Do not perform the PAM account management group (account | |
54 | expiration etc) | |
55 | ||
56 | . | |
57 | .SH CONFIGURATION | |
58 | . | |
59 | *************** | |
60 | *** 76,82 **** | |
61 | .I Henrik Nordstrom <hno@squid-cache.org> | |
62 | . | |
63 | .SH COPYRIGHT | |
64 | ! Squid pam_auth and this manual is Copyright 1999,2002 | |
65 | Henrik Nordstrom <hno@squid-cache.org> | |
66 | . | |
67 | .SH QUESTIONS | |
68 | --- 72,78 ---- | |
69 | .I Henrik Nordstrom <hno@squid-cache.org> | |
70 | . | |
71 | .SH COPYRIGHT | |
72 | ! Squid pam_auth and this manual is Copyright 1999,2002,2003 | |
73 | Henrik Nordstrom <hno@squid-cache.org> | |
74 | . | |
75 | .SH QUESTIONS | |
76 | Index: squid3/helpers/basic_auth/PAM/pam_auth.c | |
77 | diff -c squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 squid3/helpers/basic_auth/PAM/pam_auth.c:1.15 | |
78 | *** squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 Wed Jan 22 17:35:35 2003 | |
79 | --- squid3/helpers/basic_auth/PAM/pam_auth.c Wed Nov 5 11:14:25 2003 | |
80 | *************** | |
81 | *** 2,8 **** | |
82 | * $Id$ | |
83 | * | |
84 | * PAM authenticator module for Squid. | |
85 | ! * Copyright (C) 1999,2002 Henrik Nordstrom <hno@squid-cache.org> | |
86 | * | |
87 | * This program is free software; you can redistribute it and/or modify | |
88 | * it under the terms of the GNU General Public License as published by | |
89 | --- 2,8 ---- | |
90 | * $Id$ | |
91 | * | |
92 | * PAM authenticator module for Squid. | |
93 | ! * Copyright (C) 1999,2002,2003 Henrik Nordstrom <hno@squid-cache.org> | |
94 | * | |
95 | * This program is free software; you can redistribute it and/or modify | |
96 | * it under the terms of the GNU General Public License as published by | |
97 | *************** | |
98 | *** 37,42 **** | |
99 | --- 37,51 ---- | |
100 | * | |
101 | * Change Log: | |
102 | * | |
103 | + * Version 2.2, 2003-11-05 | |
104 | + * One shot mode is now the default mode of operation | |
105 | + * with persistent PAM connections enabled by -t option. | |
106 | + * Support for clearing the PAM_AUTHTOK attribute on | |
107 | + * persistent PAM connections. | |
108 | + * | |
109 | + * Version 2.1, 2002-08-12 | |
110 | + * Squid-2.5 support (URL encoded login, password strings) | |
111 | + * | |
112 | * Version 2.0, 2002-01-07 | |
113 | * One shot mode, command line options | |
114 | * man page | |
115 | *************** | |
116 | *** 76,82 **** | |
117 | ||
118 | /* The default TTL */ | |
119 | #ifndef DEFAULT_SQUID_PAM_TTL | |
120 | ! #define DEFAULT_SQUID_PAM_TTL 60 | |
121 | #endif | |
122 | ||
123 | static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */ | |
124 | --- 85,91 ---- | |
125 | ||
126 | /* The default TTL */ | |
127 | #ifndef DEFAULT_SQUID_PAM_TTL | |
128 | ! #define DEFAULT_SQUID_PAM_TTL 0 | |
129 | #endif | |
130 | ||
131 | static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */ | |
132 | *************** | |
133 | *** 221,226 **** | |
134 | --- 230,236 ---- | |
135 | } | |
136 | pamh_created = time(NULL); | |
137 | } | |
138 | + /* Authentication */ | |
139 | retval = PAM_SUCCESS; | |
140 | if (ttl != 0) { | |
141 | if (retval == PAM_SUCCESS) | |
142 | *************** | |
143 | *** 238,244 **** | |
144 | error: | |
145 | fprintf(stdout, "ERR\n"); | |
146 | } | |
147 | ! if (ttl == 0) { | |
148 | retval = pam_end(pamh, retval); | |
149 | if (retval != PAM_SUCCESS) { | |
150 | fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); | |
151 | --- 248,262 ---- | |
152 | error: | |
153 | fprintf(stdout, "ERR\n"); | |
154 | } | |
155 | ! /* cleanup */ | |
156 | ! retval = PAM_SUCCESS; | |
157 | ! #ifdef PAM_AUTHTOK | |
158 | ! if (ttl != 0) { | |
159 | ! if (retval == PAM_SUCCESS) | |
160 | ! retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); | |
161 | ! } | |
162 | ! #endif | |
163 | ! if (ttl == 0 || retval != PAM_SUCCESS) { | |
164 | retval = pam_end(pamh, retval); | |
165 | if (retval != PAM_SUCCESS) { | |
166 | fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); |