Re: Apache mod_auth_pam patch to allow non local users to auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2004-06-14 at 11:54, Mooney, Ryan wrote:

> Attached is a patch to mod_auth_pam.1.1.1 for apache 1.3.X to optionally allow users who are not in the local password file to be authenticated.  The default behavior is the same as the current version, however if AuthPAM_NoLocalUser is set to ON, it bypasses the local getpwent check and attempts to just use the username as passed in by apache.
> 
> This is useful for when you want to allow groups, or other valid user lists, and are using a remote authentication mechanism (like kerberos, ldap or securid) but do not wish to add real local accounts.  This option has the side affect that if all you require is "valid-user" then anyone who can authenticate via PAM by any means has access (which may not be what you desire).
> 
> ______________________________________________________________________
How is this different from using 
account    required     pam_permit.so
in /etc/pam.d/httpd?  Or is the point to make it
optional per authentication directive to httpd?

---
 Les Mikesell
   les@xxxxxxxxxxxxxxxx




_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux