Hi Maurice,

> Clearly, pwauth is not working as it should.
> Can someone explain to me what is wrong here?

Yeah, I just looked into it. It was horribly broken. Many thanks for reporting this!

When I built 5209R I gave this functionality a quick test, as I wasn't sure if the mechanism we used on Apache 2.2 on 5208R would work on 5209R, too. I then found out that we had to update mod_authnz_external to version 3.3.2 to get that module to work with Apache 2.4. With that in place .htaccess password protection worked back then.

Now? It's broken as you said. I did some debugging and it's a complicated mess:

Our .htaccess password protection mechanism relies on a two-part solution:

- Apache module mod_authnz_external
- /usr/bin/checker /usr/bin/checker_group

The first is just an Apache module that allows authentication to be done via several externalized means. We configured it to use /usr/bin/checker and /usr/bin/checker_group, which we provided as part of our custom mod_authnz_external. These Perl scripts use Authen::PAM to do a PAM authentication.

That authentication via Authen::PAM is no longer working. I use the same exact code on 5208R, where it works flawlessly. On 5209R? It doesn't. I'm not even sure what changed there. Either Authen::PAM is broken and has changed in unknown ways, or PAM is throwing a wrench into it. I threw lots of debugging at it, but to no avail.

After pulling what's left of my hair I just went back and published an update that replaces /usr/bin/checker and /usr/bin/checker_group with the respective binaries from the proven "pwauth" RPM off EPEL, because these work and provide the same functionality.

So please do a "yum update" on your 5209R and it'll pull an updated mod_authnz_external and will also install the now required "pwauth" RPM off the BlueOnyx YUM repository.

With that in place password auth via .htaccess should work exactly as before.

The documentation at /root/PAM_AUTH_EXTERNAL.READ-ME has the following (working) examples in it at the end:

.htaccess usage examples:

1) Basic configuration for *any* valid system users:

    AuthAuthoritative on
    AuthType Basic
    AuthName Your_Eyes_only
    AuthExternal pwauth
    require valid-user

2) Only allow 1 specific user to authenticate:

    AuthAuthoritative on
    AuthType Basic
    AuthName Your_Eyes_only
    AuthExternal pwauth
    require user USERNAME_HERE

3) Allow group authentication for all users of group "site1":

    AuthAuthoritative on
    AuthType Basic
    AuthName Your_Eyes_only
    AuthExternal pwauth
    GroupExternal unixgroup
    require group site1

-- 
With best regards

Michael Stauber
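
Added example, not part of the original message and not code from BlueOnyx or pwauth: a shell helper for testing the external checker directly, outside Apache, by feeding it the login and password on stdin the way mod_authnz_external's pipe method does. The function names and the status descriptions are this example's own; the numeric codes are assumed to follow pwauth's documented STATUS_* values, and the checker path is passed as a parameter.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post, BlueOnyx or pwauth).

# Map an exit status to text. Codes assumed to follow pwauth's STATUS_* values.
pwauth_status() {
    case "$1" in
        0)  echo "0 OK: login accepted" ;;
        1)  echo "1 UNKNOWN: no such login name" ;;
        2)  echo "2 INVALID: incorrect password" ;;
        3)  echo "3 BLOCKED: uid below the allowed minimum" ;;
        4)  echo "4 EXPIRED: account expired" ;;
        5)  echo "5 PW_EXPIRED: password expired" ;;
        6)  echo "6 NOLOGIN: logins are disabled" ;;
        7)  echo "7 MANYFAILS: too many failed logins" ;;
        50) echo "50 INT_USER: caller's uid is not allowed to run the checker" ;;
        51) echo "51 INT_ARGS: login/password not passed correctly" ;;
        52) echo "52 INT_ERR: internal error in the checker" ;;
        53) echo "53 INT_NOROOT: checker cannot read the password database" ;;
        *)  echo "$1 unrecognized status" ;;
    esac
}

# check_login CHECKER USER
# Reads one password line from stdin and hands "USER\nPASSWORD\n" to CHECKER
# on its stdin, the way mod_authnz_external's pipe method does.
check_login() {
    checker=$1 user=$2 rc=0
    [ -x "$checker" ] || { echo "not executable: $checker" >&2; return 127; }
    if [ -t 0 ]; then stty -echo; printf 'Password: ' >&2; fi
    IFS= read -r pass || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
    # printf is a shell builtin, so the password never appears in argv.
    printf '%s\n%s\n' "$user" "$pass" | "$checker" || rc=$?
    pass=
    pwauth_status "$rc"
    return "$rc"
}

# Run only when called with arguments: sh checklogin.sh /path/to/checker USER
if [ "$#" -ge 2 ]; then check_login "$1" "$2"; fi
```

pwauth only accepts calls from the uids it was built to trust, so run the script as the web server's account; a status of 50 means it was started by some other user.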