On Tue, Jul 15, 2003 at 12:53:43PM -0500, Les Mikesell wrote: > Should it be possible to make apache with mod_auth_pam authenticate > users against an NT domain even if they don't have account > information on the server where apache is running? > I'd like to keep it so users must be added to the password file > to log in directly, but have their passwords authenticated by > the specified NT domain controllers (which is working). However > for the web server I'd like to accept everyone that can > successfully authenticate against the NT domain. So far I haven't > been able to make apache work without an 'account' line in > /etc/pam.d/httpd, and if it is there the user needs an account > on the web server. Then you're using the wrong module in the 'account' line. The 'account' block is used for authorization checks; if you want to grant access to all users who've successfully authenticated, you should use pam_permit.so for 'account'. -- Steve Langasek postmodern programmer
Attachment:
pgp00098.pgp
Description: PGP signature
