This program authenticates users using SASL (specifically the cyrus-sasl authentication method). SASL is configurable (somewhat like PAM). Each service authenticating against SASL identifies itself with an application name. Each "application" can be configured independently by the SASL administrator. For this authenticator, the SASL application name is, by default, squid_sasl_auth To configure the authentication method used the file "squid_sasl_auth.conf" can be placed in the appropriate location, usually "/usr/lib/sasl". The authentication database is defined by the "pwcheck_method" parameter. Only the "PLAIN" authentication mechanism is used. Examples: pwcheck_method:sasldb use sasldb - the default if no conf file is installed. pwcheck_method:pam use PAM pwcheck_method:passwd use traditional /etc/passwd pwcheck_method:shadow use slightly less traditional /etc/shadow Others methods may be supported by your cyrus-sasl implementation - consult your cyrus-sasl documentation for information. Typically the authentication database (/etc/sasldb, /etc/shadow, pam) can not be accessed by a "normal" user. You should use setuid/setgid and an appropriate user/group on the executable to allow the authenticator to access the appropriate password database. If the access to the database is not permitted then the authenticator will typically fail with "-1, generic error". chown root.mail sasl_auth chmod ug+s sasl_auth If the application name ("squid_sasl_auth") will also be used for the pam service name if pwcheck_method:pam is chosen. And example pam configuration file "squid_sasl_auth" is also included. Ian Castle ian.castle@coldcomfortfarm.net March 2002