3

I just set up my dante socks proxy and it works just fine without authentication. Now I want only certain users to be able to use it tho. Preferably only those users that are in the passwd. What would you guys recommend me using? Can I somehow use PAM and link it to my passwd? What other authentication is there and how would they work? For example would an authentication window pop up, before the user would be able to browse?

cherrun
  • 729
  • 2
  • 10
  • 17

1 Answers1

1

If you want to allow all users from your passwd, and only them, you can simply say:

method: username

But if you decide to have all the PAM features, modules and hassle:

method: pam
pam.servicename: sockd_myservice

In PAM you need to configure a new stack for "sockd_myservice", look for example how "ssh" service is configured to allow sshd to use PAM.

Pre-requisite to either username or pam methods is:

user.privileged    : root
user.notprivileged : socks     # some non-root user name
kubanczyk
  • 13,502
  • 5
  • 40
  • 55
  • I actually like the first approach that only users in my passwd will be able to use the proxy. I set the method: username and delete the 'none' behind it. Now when I set the proxy server and port in my Firefox I'm just not able to load any page. It doesn't prompt me to type in username and password. So how exactly does the passwd approach work? – cherrun Feb 03 '12 at 00:10
  • This answer is about server-side of the socks protocol. Yes, the client side should deliver username/password in both cases (method:pam and method:username). Firefox doesn't know how to do this https://bugzilla.mozilla.org/show_bug.cgi?id=122752, not good. You need to socksify it or socksify the whole system. – kubanczyk Feb 03 '12 at 17:48