Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] Apache mod_auth_pam module



Has anyone successfully gotten the Apache mod_auth_pam module working? My
ultimate goal is to have Apache authenticate against an NT domain by using
the PAM module pam_smb_auth in conjunction with mod_auth_pam. So far,
however, I have been unable to get mod_auth_pam to behave even using
pam_unix.

Here is my /etc/pam.d/httpd:


#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth


The relevant section from my Apache httpd.conf:


<Directory /home/httpd/htdocs/pamtest>
  AuthType Basic
  AuthName "pamtest"
  require valid-user
</Directory>


And some stuff from /var/log/auth:


Nov 26 09:51:52 XXXX httpd(pam_unix)[5357]: authentication failure; logname= uid=81 euid=81 tty= ruser= rhost=  user=pamtest
Nov 26 09:52:25 XXXX httpd(pam_unix)[5404]: authentication failure; logname= uid=81 euid=81 tty= ruser= rhost=  user=pamtest
Nov 26 09:53:20 XXXX login(pam_unix)[1821]: session opened for user pamtest by (uid=0)
Nov 26 09:53:21 XXXX login(pam_unix)[1821]: session closed for user pamtest


The "session opened" and closed stuff is me logging in as the pamtest user to
make sure it worked. I can su to the pamtest user just fine, and my su PAM
conf file looks just like the httpd one:


auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth


So, in summation, does anyone have any idea what is going on, or any tips
for getting mod_auth_pam working? I have read all of the sparse documentation
provided with mod_auth_pam, the source code, and searched Google pretty
heavily. I have also hacked some syslog debugging into mod_auth_pam itself
so that I could verify passwords and stuff. All to no avail. :(

TIA, and on the verge of tears... ;)
-Josh


-- 
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.
http://www.incogen.com/

GPG keyID 0x62386967 (7479 1A7A 46E6 041D 67AE  2546 A867 DBB1 6238 6967)
gpg --keyserver pgp.mit.edu --recv-keys 62386967

Attachment: pgp00053.pgp
Description: PGP signature


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links