NIS + mod_auth_pam + Apache2 + Debian

Matt Bogosian <mattb@xxxxxxxxxxxx> · Wed, 12 Nov 2003 00:08:27 -0800 (PST)

Howdy all,

I've tried to search to see if there's already a solution for this in
the archives, but I've come up with nothing (maybe I'm just not drawing
the right parallels somewhere).

At any rate, I have a working (Debian) system using PAM/NIS. All the
users in the NIS directory can log into the machine (via ssh). They can
also use their login/passwords to check their mail via IMAP (running on
the same machine). However, none of them can authenticate using HTTP
Auth with Apache2. Every attempt results in a log entry like:

[Tue Nov 11 23:53:22 2003] [error] [client 192.168.1.32] PAM: user
'test' - not authenticated: Authentication failure

Here's my /etc/nsswitch.conf:
passwd:         compat
group:          compat
shadow:         compat

Here's my /etc/pam.d/ssh:
auth        required    pam_nologin.so
@include common-auth
@include common-account
@include common-session
session     optional    pam_motd.so
session     optional    pam_mail.so standard noenv
@include common-password

Here's my /etc/pam.d/imap:
@include common-auth
@include common-account
@include common-password
@include common-session

Here's my /etc/pam.d/apache2:
@include common-auth
@include common-account

Here's my /etc/pam.d/common-auth:
auth    required    pam_env.so
auth    required    pam_unix.so

Here's my /etc/pam.d/common-account:
auth    required    pam_unix.so

Here's my /etc/pam.d/common-session:
session     required    pam_limits.so
session     required    pam_unix.so

Here's my /etc/pam.d/common-password:
password    required    pam_unix.so md5

Here's my Apache2 configuration:
...
<Location /someplace>
    Order Allow,Deny
    Allow From All

    AuthPAM_Enabled On
    AuthPAM_FallThrough Off

    AuthType Basic
    AuthName somplace
    Require group myusers
</Location>

Each of the users that I want to be able to successfully authenticate
via HTTP Auth are in the group 'myusers'. If I log into the machine (as
'test') I am a member of that group:

% groups
test myusers
% ypcat passwd
...
test:x:600:600:test:/home/test:/usr/bin/zsh
...
% ypcat group
...
test:x:600:
myusers:x:700:test,...
...

I've tried changing my nsswitch.conf to read:
passwd:         compat nis
group:          compat nis
shadow:         compat nis

But that doesn't make a difference. I'd really like for my NIS users to
be able to authenticate using mod_auth_pam, but I just don't know how to
make it work. Any help would be appreciated....

--Matt

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list