Bug#503184: libapache2-mod-auth-shadow
Hello Devrim, You should be able to compile the package yourself with the following commands: # Download sources from the Ubuntu archive wget http://archive.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-auth-shadow/libapache2-mod-auth-shadow_2.1.orig.tar.gz wget http://archive.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-auth-shadow/libapache2-mod-auth-shadow_2.1-2.diff.gz # Unpack the sources tar -zxvf libapache2-mod-auth-shadow_2.1.orig.tar.gz zcat libapache2-mod-auth-shadow_2.1-2.diff.gz | patch -p0 # Install all the build dependencies sudo apt-get install dpkg-dev debhelper devscripts fakeroot sudo apt-get install dpatch apache2-threaded-dev # Step into the directory and build cd libapache2-mod-auth-shadow-2.1/ debuild -us -uc cd .. # Install the package sudo dpkg -i libapache2-mod-auth-shadow_2.1-2_i386.deb Best regards, Bruno On 15 May 2009, at 14:46, Devrim Yasar wrote: Hi Bruno, I saw your posts on debian forum, and i need this module to create digest authorization on apache. And this module is still not available. How could you solve your problem? Thanks, Devrim retitle 503184 RFP: libapache2-mod-auth-shadow -- Apache2 module for authentication using shadow thanks Re: Bruno De Fraine 2008-11-01 b6f4bacd-475f-48de-8ca7-23913a137...@defraine.net reopen 503184 thanks As explained in my message, I am aware that the original maintainer removed this package with bug #489862, but I disagree with that decision: mod_auth_shadow provided functionality for which there is currently no good alternative in Debian. I think he should have orphaned his package instead. Ok, but the bug title is/was still wrong. Christoph -- c...@df7cb.de | http://www.df7cb.de/ -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#503184: closed by Christoph Berg [EMAIL PROTECTED] (Re: Bug#503184: O: libapache2-mod-auth-shadow -- Apache2 module for authentication using shadow)
As explained in my message, I am aware that the original maintainer removed this package with bug #489862, but I disagree with that decision: mod_auth_shadow provided functionality for which there is currently no good alternative in Debian. I think he should have orphaned his package instead. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#503184: O: libapache2-mod-auth-shadow -- Apache2 module for authentication using shadow
Package: wnpp Severity: normal mod_auth_shadow is an Apache module which authenticates against the / etc/shadow file. You may use this module with a mode 400 root:root / etc/shadow file, while your web daemons are running under a non- privileged user. The module includes a separate binary to perform the password validation, which you are intended to install with setuid/ setgid privileges. http://mod-auth-shadow.sourceforge.net/ License: GPL BACKGROUND: According to the only Debian reference I can found about this package: http://packages.qa.debian.org/liba/libapache2-mod-auth-shadow.html this software was packaged and maintained by Jorge Salamero Sanz. He requested the package to be removed by opening bug #489862, in which he stated: libapache2-mod-auth-pam is able to behave like mod-auth-shadow even in an smarter way using PAM and i barely use this package now. To my understanding, this is not correct. According to bug report #246222, libapache2-mod-auth-pam is useless for shadow authentication without adding user www-data to group shadow, and libapache2-mod- auth-shadow specifically addressed that fundamental problem with a setgid binary to perform the validation. This is immediately apparent from the original description of the package and its predecessor libapache-mod-auth-shadow: Description: Apache2 module for authentication using shadow When performing this task one encounters one fundamental difficulty: the /etc/shadow file is supposed to be read/writable only by root. However, the webserver is supposed to run under a non-root user, such as www- data. . mod_auth_shadow addresses this difficulty by opening a pipe to an SGID shadow program validate, which does the actual validation. When there is a failure validate writes an error message to the system log, and waits three seconds before exiting. The validate program uses getspnam() so supports shadow files and NIS. I therefore believe the original maintainer should have orphaned this package, instead of removing it. His sources can be retrieved from the Ubuntu repositories: http://packages.ubuntu.com/source/hardy/libapache2-mod-auth-shadow (And perhaps from Debian archives as well.) Package version 2.1-2 builds fine on my i386 Debian etch system and produces a working installation. Since there is already a working package, I am not submitting this as a Request For Package. Best regards, Bruno De Fraine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]