Hi pam-list,
I've quite an interesting problem.
I am succesfully running mod-auth-pam-1.1.1
with Apache 1.3.27 on Linux Redhat 7.3
Some directories of websites are secure and
only accessable with a system user ID, so /etc/passwd and
/etc/shadow are succesfully accessed by PAM.
But.... other secured directories have to be
accessable with "custom login accounts" created with
htpasswd
For "custom login accounts" I use the
directive "AuthPAM_Enabled off" to turn off
the AUTHPAM module. Unfortunately in this case the directive "AuthUserFile"
pointing to my users/passwords file isn't interpreted (by Apache).
Please review my settings below and help me find a
solution for it.
Thanks in advance,
Ruben
Preparation (make apache read /etc/shadow, else
PAM can't authenticate)
$ /usr/sbin/groupadd -r
/shadow-readers
$ chmod 660 /etc/shadow
$ chown
root:shadow-readers /etc/shadowConfiguration of
/etc/pam.d/httpd
auth
required
/lib/security/pam_unix_auth.so
account required /lib/security/pam_permit.so
account required /lib/security/pam_permit.so
Snippet from file:
/usr/local/apache/conf/httpd.conf
...
...
User nobody
Group shadow-readers
Group shadow-readers
...
...
LoadModule pam_auth_module
libexec/mod_auth_pam.so
...
...
<VirtualHost xx.xx.xx.xx>
# All users from group FTP are
allowed to login
# This works
fine!
<Directory
/home/www/mysite.com/wwwroot/pamsecure>
AuthPAM_Enabled on
AuthType Basic
AuthName "PAM Realm"
Require group ftp
</Directory>
AuthPAM_Enabled on
AuthType Basic
AuthName "PAM Realm"
Require group ftp
</Directory>
# Only user "customuser" created
with htpasswd ( htpasswd -c /usr/local/apache/passwords/passwords.acl
customuser )
# is allowed to
login.
# This
doesn't work, somehow!
<Directory
/home/www/mysite.com/wwwroot/customsecure>
AuthPAM_Enabled off
AuthType Basic
AuthName "Custom Realm"
AuthUserFile /usr/local/apache/passwords/passwords.acl
AuthPAM_Enabled off
AuthType Basic
AuthName "Custom Realm"
AuthUserFile /usr/local/apache/passwords/passwords.acl
Require
user customuser
</Directory>
</VirtualHost>
...
...
...
------------
Bezoekadres: Amtex Internetdiensten, Plantsoengracht 2, 1441 DE Purmerend, The Netherlands
Correspondentieadres: Amtex Internetdiensten, Wipmolen 148, 1444 GZ Purmerend, The Netherlands
Bezoekadres: Amtex Internetdiensten, Plantsoengracht 2, 1441 DE Purmerend, The Netherlands
Correspondentieadres: Amtex Internetdiensten, Wipmolen 148, 1444 GZ Purmerend, The Netherlands
Tel. +31(0)299-772529, Cellular. +31(0)6-20044798,
Fax. +31(0)84-8761792
Website: http://www.amtex.nl, Company Email: info@amtex.nl
Website: http://www.amtex.nl, Company Email: info@amtex.nl
Consultancy - Interactive websites - Webhosting -
Database connectivity - E-business solutions
Amtex Internetdiensten is onderdeel van Proto56
Internet Solutions
