pam-0.77-66.13 errata breaks subversion
Jay Levitt
lists-redhat at shopwatch.org
Wed Nov 16 16:04:27 UTC 2005
I'm running RHEL AS4 for 32-bit x86. When I install the pam-0.77-66.13
10/26/05 errata (for RHSA-2005:805), I'm no longer able to use pam_unix
to authenticate mod_dav_svn. I get the following error in
/var/log/messages when attempting to login with a subversion client:
Nov 15 19:56:25 dev httpd(pam_unix)[31001]: authentication failure;
logname= uid=48 euid=48 tty= ruser= rhost= user=jay
(UID 48 is the apache login.) Rolling back to pam-0.77-66.11 solves the
problem. I have no problem using pam_unix to authenticate regular web
directories, only subversion repositories, which seems like a good clue.
How can I tell if this is a bug in the errata, or a bug in the way
mod_dav_svn works? Maybe it doesn't ask for the right privileges, but
the former pam bug was letting it get away with that? Unfortunately,
we're an academic install, so I can't report this to Red Hat via support
channels.
I'm running Apache httpd 2.0.54, installed from source. Snippets of my
httpd.conf:
..the regular web site, which works fine...
<Directory "/srv/www/htdocs/my.site.example.com">
Options +Indexes
IndexIgnore ..
SSLRequireSSL
AuthPAM_Enabled On
AuthType Basic
AuthName "Development Intranet"
Require valid-user
</Directory>
..the subversion repository, which fails as soon as the errata RPM is
installed...
<VirtualHost *:443>
ServerName svn.example.com
CustomLog logs/svn.access.log combined
SSLEngine On
# This must be accessible, but is otherwise unused
DocumentRoot "/srv/www/htdocs/svn-phony"
<Location /dev/>
AuthPAM_Enabled on
AuthType Basic
AuthName "Developer repository"
Require group dev
</Location>
<Location />
DAV svn
SVNParentPath "/srv/svn/"
SVNPathAuthz off
</Location>
</VirtualHost>
.. my /etc/pam.d/httpd config ...
#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
More information about the redhat-list
mailing list