Re: Getting pam_auth_mod to work with apache2.0

[Cal Heldenbrand <heldenca@xxxxxxxxxxx>]

I don't know if this has any relevence or not, but I've encountered some 
strange memory problems with some pam modules used inside of 
pam_auth_mod.  For example, when I used pam_winbind or pam_smbpass, I 
would get seg faults and other misc alloc problems...  when I switched 
to the older pam_smb_auth it worked fine.  The exact same pam config 
file would work fine with other apps.

So, I have no idea if this applies to your situation -- usually I had 
some fairly explanitory errors in /var/log/messages, but I'm just 
throwing in my two cents.  :-)

Also, one note:  Should AuthPAM_Enabled be set to "On" in your htaccess?

-Cal

> Hi group,
>  
> I'm a new user to this list and I signed up to get pam_auth_mod to 
> work successfully with apache 2.0 when using .htaccess files and no 
> .htpasswd file.
> I'm currently trying to get this to work on a fedora system with 
> apache 2.0.50 installed. If someone can tell me how the httpd pam-file 
> and the .htaccess file should look like, I'd be very gratefull.
> At the moment I'm getting errors like:
>  
> in /var/log/httpd/error_log:
> [crit] [client 192.168.1.2] configuration error:  couldn't check 
> user.  No user file?: /testdir/
> [error] [client 192.168.1.2] PAM: user 'xxxxx' - not authenticated: 
> Authentication failure
>  
> in /var/log/messages
> httpd(pam_unix)[3626]: authentication failure; logname= uid=48 euid=48 
> tty= ruser= rhost=  user=xxxxx
> (xxxxx = username)
>  
> the output of cat /etc/pam.d/httpd is:
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so service=system-auth
> account    required     /lib/security/pam_stack.so service=system-auth
> the .htaccess-file looks like this:
> #ALL users on the RAQ550 can access this directory.
> #Access file
> order allow,deny
> allow from all
> require valid-user
> Authname "Login Name for Access"
> Authtype Basic
> AuthAuthoritative off
> AuthPAM_Enabled off
> (This one results in the error No user file?: /testdir/)
>  
> I'm also trying to get it to work on a fedora fc1 system with apache 
> 2.0.50 installed - and with a BlueQuartz webadmin-system. BlueQuartz 
> is a translation of the Cobalt RAQ550 system for RedHat and Fedora.
> I pretty much get the same errors there.
>  
> As far as I understand the BQ-system doesn't use the shadow-password 
> file. I also read somewhere that the RAQ550 was set up so that it 
> wouldn't be possible to use the raq-db with .htaccess because of 
> security reasons. 
> During my research I found that Cobalt had a file called 
> mod_auth_pam-external so it could work with external databases. Does 
> anyone on the list know if there is such a module for apache 2.0?
>  
> Hope someone can help out.
>  
> Yours,
> Trond
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
>
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
>  


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list