Getting pam_auth_mod to work with apache2.0
Cal Heldenbrand
heldenca at mnstate.edu
Thu Sep 2 16:10:03 UTC 2004
I don't know if this has any relevence or not, but I've encountered some
strange memory problems with some pam modules used inside of
pam_auth_mod. For example, when I used pam_winbind or pam_smbpass, I
would get seg faults and other misc alloc problems... when I switched
to the older pam_smb_auth it worked fine. The exact same pam config
file would work fine with other apps.
So, I have no idea if this applies to your situation -- usually I had
some fairly explanitory errors in /var/log/messages, but I'm just
throwing in my two cents. :-)
Also, one note: Should AuthPAM_Enabled be set to "On" in your htaccess?
-Cal
> Hi group,
>
> I'm a new user to this list and I signed up to get pam_auth_mod to
> work successfully with apache 2.0 when using .htaccess files and no
> .htpasswd file.
> I'm currently trying to get this to work on a fedora system with
> apache 2.0.50 installed. If someone can tell me how the httpd pam-file
> and the .htaccess file should look like, I'd be very gratefull.
> At the moment I'm getting errors like:
>
> in /var/log/httpd/error_log:
> [crit] [client 192.168.1.2] configuration error: couldn't check
> user. No user file?: /testdir/
> [error] [client 192.168.1.2] PAM: user 'xxxxx' - not authenticated:
> Authentication failure
>
> in /var/log/messages
> httpd(pam_unix)[3626]: authentication failure; logname= uid=48 euid=48
> tty= ruser= rhost= user=xxxxx
> (xxxxx = username)
>
> the output of cat /etc/pam.d/httpd is:
> #%PAM-1.0
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> the .htaccess-file looks like this:
> #ALL users on the RAQ550 can access this directory.
> #Access file
> order allow,deny
> allow from all
> require valid-user
> Authname "Login Name for Access"
> Authtype Basic
> AuthAuthoritative off
> AuthPAM_Enabled off
> (This one results in the error No user file?: /testdir/)
>
> I'm also trying to get it to work on a fedora fc1 system with apache
> 2.0.50 installed - and with a BlueQuartz webadmin-system. BlueQuartz
> is a translation of the Cobalt RAQ550 system for RedHat and Fedora.
> I pretty much get the same errors there.
>
> As far as I understand the BQ-system doesn't use the shadow-password
> file. I also read somewhere that the RAQ550 was set up so that it
> wouldn't be possible to use the raq-db with .htaccess because of
> security reasons.
> During my research I found that Cobalt had a file called
> mod_auth_pam-external so it could work with external databases. Does
> anyone on the list know if there is such a module for apache 2.0?
>
> Hope someone can help out.
>
> Yours,
> Trond
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list
>
>
More information about the Pam-list
mailing list