Ubuntu 8.10: Squid3 with pam_auth revisited
It has been a long time I have not touch the squid configuration and installation. Recently, when I tried to install it again, I found that the howtos in Internet was a little bit confusing and I did not manage to setup. Until I viewed the log file (/var/log/auth.log) then I understood what went wrong and managed to solve the problem.
My objective is to create a new proxy server with limited access controlled by using PAM authentication. The original howto is from this page. I modified it to suit my environment which is using Ubuntu 8.10 server installed on my ESX server (Virtualization is awesome!).
The steps i did:
1. Update the APT installer to find the latest packages
$ sudo apt-get update
2. Installed your squid and any dependencies.
In Intrepix Ibex, they use squid3 name instead of just squid. It made me mistakenly edited the wrong files several times.
$ sudo apt-get install squid3
3. Edit the main configuration files
We need to add 2 entry here to enable PAM authentication and force the PAM authentication. edit the squid.conf.
$ sudo vi /etc/squid3/squid.conf.
and add this lines to enable PAM authentication
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Squid
auth_param basic credentialsttl 2 hours
And add this to force authentication to every user using it
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl pam proxy_auth REQUIRED
http_access allow pam
4. Configure the pam modules for Squid
Create a new file with name squid in /etc/pam.d/ and populate with this entry.
$ sudo vi /etc/pam.d/squid
Add the below lines. This is the alteration i did from the previously mentioned howto.
auth required pam_unix.so
account required pam_unix.so
5. Start the squid service
$ sudo /etc/init.d/squid start
The service should starts smoothly if you are using the same distro and packages that i used. Actually configuring squid is quite straightforward but maintaining and managing different distros with different styles and packages versions is the confusing part.