MySQL-PAM authentication for SafeSquid

MySQL-PAM authentication for SafeSquid

Postby ramkee » Tue Feb 17, 2015 6:39 pm

Usually SafeSquid can support LDAP authentication in-fact we have a config section for LDAP. But we did not have any config to integrate MYSQL database. So for now to integrate MySQL with SafeSquid we have to change the files in Linux box.

Please follow the below steps :

Description : If we have mysql database, we can authenticate them to use
safesquid interface by using PAM (pluggable authentication module)


Required packages :

1. Libpam-mysql
2. Pam_mysql.so
3. Mysql


setup:

1. Do update once apt-get update

2. Install mysql on your machine

apt-get install mysql-server


3. Next install libpam-mysql by running the following command

apt-get install libpam-mysql


4. Check for pam_mysql is there or not in /lib/security/ if not there download from net ( I have not found on aptitude searh)

5. Next go for mysql.. login with root

mysql –u root –p
password : safesquid


6. create a database by run the following command

CREATE DATABASE oeipl;


7. Go to oeipl database

use oeipl;


8. Then create a table that should contain password column

create table safesquid (user_name VARCHAR(16), password VARCHAR(32));

9. Now create one user in to that table

INSERT INTO safesquid VALUES ('ramkee', 'safesquid');

10. Give all permission to that user

GRANT ALL PRIVILEGES ON oeipl.* TO 'ramkee'@'localhost' identified by 'safesquid';

11. If you want to see that user just run the following command

select * from safesquid;

Database changed
mysql> select * from safesquid;
+-----------+----------------------------------+
| user_name | password |
+-----------+----------------------------------+
| ramkee | safesquid |
| suhas | safesquid |
+-----------+----------------------------------+
3 rows in set (0.06 sec)

12. Now we have to move to tuning of /etc/pam.d/safesquid file

13. Open that file and add the following lines to that file

auth required /lib/security/pam_mysql.so host=localhost user=ramkee passwd=safesquid db=oeipl table=safesquid usercolumn=user_name passwdcolumn=password debug verbose=1


14. Now restart the safesquid service /etc/init.d/safesquid restart

15. Go to interface http://safesquid.cfg/ then you will get authentication, there you can give any user of mysql database

16. Now you can check logs tail –f /var/logs/auth.logs

17. Then go to safesquid interface and check for username who is logged on by clicking on statistics

Note : Better to don’t create encryption passwords for users. If you create the you should change that encrypted password in /etc/pam.d/safesquid accordingly . And you have to add crypt=1 md5=true also. Then only result may come
ramkee
Site Admin
 
Posts: 86
Joined: Fri Jan 02, 2015 5:23 pm

Return to MySQL DB

Who is online

Users browsing this forum: No registered users and 1 guest

cron