For further info, these are relevant configuration files: /etc/nginx/sites-enabled/site: server { listen 80; server_name $hostname; rewrite ^ https://$server_name$request_uri? permanent; }
server { listen 443; server_name $hostname; ssl on; ssl_certificate /etc/nginx/ssl/certificate.crt; ssl_certificate_key /etc/nginx/ssl/certificate.key; location / { uwsgi_pass 127.0.0.1:9001; include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; uwsgi_param SERVER_SOFTWARE nginx/$nginx_version; } } /etc/uwsgi/apps-enabled/site.xml <uwsgi> <plugin>python</plugin> <socket>127.0.0.1:9001</socket> <pythonpath>/opt/web/site/</pythonpath> <pam>uwsgi</pam> <app mountpoint="/"> <script>wsgihandler</script> </app> </uwsgi> /etc/pam.d/uwsgi: @include common-auth @include common-account On Fri, Mar 29, 2013 at 11:45 AM, Matt Broadstone <mbroa...@gmail.com> wrote: > Hi, > We're trying to migrate our web2py deployment to nginx and running > into a problem using pam_auth as a login method. Before I go further I > should clarify that PAM authentication works just fine with apache2 > and a simple debug run with rocket. Also, we are trying to do this on > Ubuntu 12.04, and the nginx setup is basically verbatim from the > script provided by web2py > (scripts/setup-web2py-nginx-uwsgi-ubuntu.sh). > > I am unable to log into web2py with local users, and the only relevant > log message I can find is in my /var/log/auth.log: > > Mar 29 11:38:17 mbroadst-build unix_chkpwd[7073]: check pass; user unknown > Mar 29 11:38:17 mbroadst-build unix_chkpwd[7073]: password check > failed for user (mbroadst) > Mar 29 11:38:17 mbroadst-build uwsgi: pam_unix(login:auth): > authentication failure; logname= uid=33 euid=33 tty= ruser= rhost= > user=mbroadst > > There is surprisingly little information on the internet related to > these messages, but it seems (from a post on Cherokees forums) that > this indicates that the user is unable to access the /etc/shadow file. > I can verify that the nginx and uwsgi configurations are correct, and > working. Both are running as the www-data user, and the www-data user > has been added to the shadow group. > > Does anyone have a clue what's going on here? I'm getting to the point > that maybe web2py's pam auth module is the culprit, but I am very > inexperienced with the technologies involved here. > > Matt -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.