Re[2]: mod_auth_pam apache pam
> Ihsan Junaidi Ibrahim wrote: > > I've encountered the problem as well and have lived without it since; if >> I recalled correctly from a previous reply on this list, pam_unix.so >> uses getpwnam () to fetch the password information. It will only return >> the password if the calling process has an UID of 0 (root). Since your >> apache is running as user www, that should explain why the >> authentication failed. >> >> The only workaround is to have your apache runs as root or use a >> different authentication back-end. >> > I forgot to add. Another suitable workaround is to use mod_auth_external > (www/mod_auth_external) and pwauth (security/pwauth) to authenticate > against but not limited to /etc/passwd. On a busy server, this may incur > certain overhead but the important thing is that it does the job. It is > more involving configuration-wise than mod_auth_pam but not by much. > I have it running for WebDAV as well as password protected directories > on an installation. - I think I'll use mod_auth_external, in afterthought I was a bit narrow minded to focus completly on mod_auth_pam instead of also looking for other solutions. Thx for fixing that :-) regards Hexren ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: mod_auth_pam apache pam
Ihsan Junaidi Ibrahim wrote: > I've encountered the problem as well and have lived without it since; if I recalled correctly from a previous reply on this list, pam_unix.so uses getpwnam () to fetch the password information. It will only return the password if the calling process has an UID of 0 (root). Since your apache is running as user www, that should explain why the authentication failed. The only workaround is to have your apache runs as root or use a different authentication back-end. I forgot to add. Another suitable workaround is to use mod_auth_external (www/mod_auth_external) and pwauth (security/pwauth) to authenticate against but not limited to /etc/passwd. On a busy server, this may incur certain overhead but the important thing is that it does the job. It is more involving configuration-wise than mod_auth_pam but not by much. I have it running for WebDAV as well as password protected directories on an installation. -- Thank you for your time, Ihsan Junaidi Ibrahim, http://ihsan.synthexp.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: mod_auth_pam apache pam
Hexren wrote: Hi, I am trying to authentificate user against the system user database using mod_auth_pam-1.1.1 on apache-1.3.33_1. I get the following error in the apache error.log "(2)No such file or directory: access to /www.xxx.net/ failed for 217.228.101.117, reason: authentication error" /etc/pam.d/httpd #cat /etc/pam.d/httpd auth required pam_unix.so debug accountrequired pam_unix.so debug the relevant Directory directive from httpd.conf AuthPAM_Enabled on AllowOverride None AuthName "Web Statistics xxx" AuthType "basic" require group test imho the error has some connection to pam_unix.so, that is because pam_permit.so works as it should (it permits everything). Strangely no error shows up in my system message log. (where I log *.debug level messages) despite the debug flag in /etc/pam.d/httpd. I've encountered the problem as well and have lived without it since; if I recalled correctly from a previous reply on this list, pam_unix.so uses getpwnam () to fetch the password information. It will only return the password if the calling process has an UID of 0 (root). Since your apache is running as user www, that should explain why the authentication failed. The only workaround is to have your apache runs as root or use a different authentication back-end. -- Thank you for your time, Ihsan Junaidi Ibrahim, http://ihsan.synthexp.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
mod_auth_pam apache pam
Hi, I am trying to authentificate user against the system user database using mod_auth_pam-1.1.1 on apache-1.3.33_1. I get the following error in the apache error.log "(2)No such file or directory: access to /www.xxx.net/ failed for 217.228.101.117, reason: authentication error" /etc/pam.d/httpd #cat /etc/pam.d/httpd auth required pam_unix.so debug accountrequired pam_unix.so debug the relevant Directory directive from httpd.conf AuthPAM_Enabled on AllowOverride None AuthName "Web Statistics xxx" AuthType "basic" require group test imho the error has some connection to pam_unix.so, that is because pam_permit.so works as it should (it permits everything). Strangely no error shows up in my system message log. (where I log *.debug level messages) despite the debug flag in /etc/pam.d/httpd. After googling for a while and reading here and there I tried making master.passd readable to the apache user (www) because some people reported that they needed to do that with /etc/shadow on some linux variants. Somebody has an idea what I should test next or how I can solve my problem ? Kind Regards Hexren ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
