httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Louis LeBlanc" <webmas...@keyslapper.net>
Subject [users@httpd] authentication help - trying to provide PAM auth
Date Fri, 12 May 2006 18:01:44 GMT
Hey folks.

I'm having some difficulties with an authorization configuration.

I am running Apache 2.0.58, though upgrading to the 2.2 release is not out
of the question if it will help achieve the goal.  This is running on a
FreeBSD 5.4_RELEASE-p12 system, and is connected to a backend Tomcat
server via mod_jk.  Mod_perl is also installed.

My goal is to allow a secure (HTTPS), password protected DAV folder for
all users in the system users group.  Part of that goal is to require
password access using their system (shell) password.  Most of these users
cannot shell in from outside, an I'd like to require the digest password
method.

I do have Cyrus Sasl2 installed, which is tied to the PAM authentication
module, but I can't find a (working) module for either pam or sasl.  There
is a port for mod_auth_pwcheck, which is supposed to work with SASL, but
it won't even build.  I'd get into the code and fix it, but I haven't time
now.

I've found a mod_auth_pam2 port, which builds fine and appears to work up
until I try to authenticate.  Then I get the following:

[Fri May 12 12:18:21 2006] [error] [client xx.xxx.xxx.xxx] PAM: user
'somebody' - not authenticated: authentication error

I don't get any other info, even though I have LogLevel Info set.  I'm
sure the password I'm using is right.  I've checked the auth logs, and
they show no authorization failures.

My system is using shadow passwords, but I'm not keen on fiddling with the
shadow files permissions.  I'd rather hoped the module would authenticate
the same way the sasl or imap modules do.

BTW, I have included the httpd config in the /etc/pam.d file.

Any ideas or suggestions for a known working method of providing PAM
authentication would be welcome.

Lou

-- 
Louis LeBlanc               webmaster@keyslapper.net
Fully Funded Hobbyist,   KeySlapper Extrordinaire :þ
http://www.keyslapper.net                       Ô¿Ô¬


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message