[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Invalid command 'AuthPAM_Enable' in httpd.conf



This is my first attempt to install mod_auth_pam. I searched the archives 
for a similar problem, but nothing matched right on. Also a web search 
turned up empty, so I'm asking here, hoping that someone has run into this 
before, because this module is not supported by apache.org.

Redhat 7.3 with 2.4.18-19.7.xsmp
Apache-1.3.27-2 (from rpm)
mod_auth_pam-1.1.1 (compiled in)

[root@mail mlib]# service httpd start -DSSL
Starting httpd: Syntax error on line 573 of /etc/httpd/conf/httpd.conf:
Invalid command 'AuthPAM_Enabled', perhaps mis-spelled or defined by a 
module not included in the server configuration

I looked into httpd.conf and found the following:
	<IfDefine HAVE_PYTHON>
	LoadModule python_module      modules/mod_python.so
	LoadModule pam_auth_module    /usr/lib/apache/mod_auth_pam.so
	</IfDefine>

and 

	<IfDefine HAVE_PYTHON>
	AddModule mod_python.c
	AddModule mod_auth_pam.c
	</IfDefine>

... this is normal to have the module included in the python IfDefine 
statement?

I added this to httpd.conf:
	<Files ~ "^\.ht">
	    Order allow,deny
	    Deny from all
	    Satisfy All
	</Files>

	<Directory "/web/mlib/html/mlib">
	     AuthPAM_Enabled on
	     AllowOverride AuthConfig
	     AuthName "Restricted Access Area"
	     AuthType "basic"
	     Require valid-user
	     Options None
	</Directory>

My .htaccess file:
	AuthName "Restricted Access Area"
	AuthType "basic"
	AuthPAM_Enabled on
	Require valid-user

The pam.d/httpd file:
#%PAM-1.0
auth       required    /lib/security/pam_unix.so
account    required    /lib/security/pam_unix.so

.. should this not be:
#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

I also did
	groupadd shadow-readers
	chgrp shadow-readers /etc/shadow
...and in httpd.conf:
	Group shadow-readers	

Here is a typical restart, including a failed on that does not show in 
error_log:
[Sun Jan 19 17:06:40 2003] [notice] caught SIGTERM, shutting down
[Sun Jan 19 17:06:46 2003] [notice] Apache/1.3.27 (Unix)  (Red-Hat/Linux) 
mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 configured 
-- resuming normal operations
[Sun Jan 19 17:06:46 2003] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Sun Jan 19 17:06:46 2003] [notice] Accept mutex: sysvsem (Default: 
sysvsem)

... I already showed what shows up in messages for a failed restart.

This is about as much information as I have available, or can think of at 
this point. If anyone has any ideas, tips or pointers, or sees that I've 
done something terribly wrong, I would appreciate hearing about it.

Thanks in advance.
Kind regards,
Keith Mastin 







[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []