The authentication database is defined by the pwcheck_method parameter. Only the PLAIN authentication mechanism is used.
Examples:
pwcheck_method:sasldb
use sasldb - the default if no conf file is installed.
pwcheck_method:pam
- use PAM authentication database
pwcheck_method:passwd
- use traditional
/etc/passwd
pwcheck_method:shadow
- use slightly less traditional /etc/shadow
Others methods may be supported by your cyrus-sasl implementation - consult your cyrus-sasl documentation for information.
Typically the authentication database ( /etc/sasldb , /etc/shadow , PAM ) can not be accessed by a normal user. You should use setuid/setgid and an appropriate user/group on the executable to allow the authenticator to access the appropriate password database. If the access to the database is not permitted then the authenticator will typically fail with "-1, generic error".
chown root.mail basic_sasl_auth
chmod ug+s basic_sasl_auth
If the application name basic_sasl_auth will also be used for the PAM service name if pwcheck_method:pam is chosen. And example PAM configuration file basic_sasl_auth.pam is also included.
This manual was written by Ian Castle <ian.castle@coldcomfortfarm.net> Amos Jeffries <amosjeffries@squid-cache.org>
* Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
Report bugs or bug fixes using http://bugs.squid-cache.org/
Report serious security bugs to Squid Bugs <squid-bugs@lists.squid-cache.org>
Report ideas for new improvements to the Squid Developers mailing list <squid-dev@lists.squid-cache.org>