auth_pam - not working...but why?
Andrew.Sternick at aquantive.com
Mon Dec 17 22:05:10 UTC 2007
I am trying to get an apache/pam/smb system working happily. Samba
swapping spit with AD and I am able to use the wbinfo and getent
commands, and also chown/chgrp to domain accounts and groups. I am
unsure if apache is configured correctly, but I cannot find any useful
logging facility to help with the PAM config. I am running Fedora Core
6 with httpd 2.2.6.
auth required pam_winbind.so debug
account required pam_winbind.so debug
I am loading the PAM modules via the auth_pam.conf file in the ../conf.d
[root at sys01 conf.d]# more auth_pam.conf
LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
Here is my virtual-hosts.conf:
CustomLog logs/xx.site.com-access_log combined
Options ExecCGI FollowSymLinks +Includes +Indexes
deny from all
allow from all
Last but not least, the relevant .htaccess file:
AuthUserFile .... /.htpasswd
require group "domain users"
require user clientname
According to my calculations, now httpd should be able to use domain
accounts to authenticate. The files in question on this webserver have
"domain users" as the group owner and 775 permissions - this is not a
filesystem permissions issue. At the apache authentication prompt, when
I give a domain account "blah", apache's error log says "user blah not
found". Of course the "clientname" account works so Apache+PAM are the
prime suspects for a configuration problem.
So here is the question: is there any way to see what apache is doing
vis a vis auth_pam? I'd like to get something more useful out of
apache's logging for this, but I do not know how to make that happen.
aQuantive, a Microsoft Corporation subsidiary
Leading businesses in digital marketing.
212.798.7320 // direct
212.462.4660 // fax
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pam-list