httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Keltz <...@cse.yorku.ca>
Subject mod_auth_pam 2.2.X
Date Wed, 02 Aug 2006 15:01:43 GMT
I apologize in advance if this is not the right forum for this type of 
question -- if so, please accept my apology and let me know where I 
might address this problem...

-----

The currently available version of mod_auth_pam for Apache 2.0.X series 
does not work with the new Apache 2.2.X authentication scheme when 
combined with basic authentication since mod_auth_pam doesn't register a 
provider.  Surprisingly enough, I can't find any references on the web 
to people trying to use mod_auth_pam with Apache 2.2.X which surprises 
me.  I was looking at how I might attempt to patch the current module to 
work with 2.2.X.  I can't seem to find much documentation on the new 
"aaa" scheme in 2.2.X, but it doesn't look overly complicated to do when 
I look at say, mod_authn_file.  I'm confused by an aspect of the new 
2.2.X authentication scheme which I was hoping someone might be able to 
help with.  If I want to port the "AuthPAM_Enabled on|off" into the new 
module, where would it go?  It looks like there should be a 
mod_authn_pam which just handles only the pam authentication, and then 
say, a mod_authz_pamgroup that handles the "require group" directive, 
but it isn't clear to me where the enable flag belongs?   I looked 
through the modules that come with Apache.  The only module that has an 
enable type flag seems to be the ldap module, yet all of the references 
to the enable flag are commented out in that code.  I wonder why? 
Further, how about the AuthFailDelay, and AuthPAM_FallThrough? Would 
these go into mod_authn_pam as well?  As far as I can see, mod_authz_pam 
doesn't seem necessary since the basic authentication covers the use of 
"require user"...

Any help would be appreciated.  I'm anxious to make the change because 
I'm upgrading our 1.3.X servers to 2.2.X, and this is holding me back 
since we're using mod_auth_pam in a couple of important places.

Jason.


Mime
View raw message