On Wed, 6 Oct 2004, Jed Donnelley wrote:
> The bottom line is the way mod_auth_pam is coded, getpwnam and
> getgrnam must function for the users/groups that I want to authenticate
> from apache with mod_auth_pam. For those functions to work for those
> users/groups the users/groups must appear as if they are in
> /etc/passwd and /etc/group - e.g. by use of lib_nss and nss_ldap.
This must be something either introduced in the 2.0 version or the way you've implemented it.
I have mod_auth_pam for apache 1.3
I'm also using mod_auth_pam for apache 1.3.
authenticating users via pam_radius and those users don't exist anywhere except on the radius server which is on another box.
Are you doing group authentication from groups on the radius server?
What does your /etc/nsswitch.conf file look like?
Have you looked at mod_auth_pam.c? What do you see at lines 418 and 464?
Do
$ getent group <groupname>
for a group that exists on your radius server and shouldn't exist locally on the box. Do you see the group?
For some user that's on the radius server but not on the box, run this little perl script as:
./getpwnam.pl <username>
and see what you get:
#!/usr/bin/perl
# Simple routine to accept a single argument, get its password entry, and print out the results
($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwnam($ARGV[0]);
print <<_EOT;
name = $name
passwd = $passwd
uid = $uid
gid = $gid
quota = $quota
comment = $comment
gcos = $gcos
dir = $dir
shell = $shell
_EOT
exit;
Do you get anything? I don't see how there can be any ambiguity about what's going on here. Perhaps there are some differences in configurations and needs?
--Jed http://www.nersc.gov/~jed/
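Added example, not part of the original message and not code from mod_auth_pam: a C version of the check the message asks for, extended to the group lookup, showing that getpwnam and getgrnam answer from the sources in /etc/nsswitch.conf regardless of what the PAM stack can authenticate. The names `nss_check` and `is_member` and the membership rule (primary gid or member list) are assumptions made for illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum { USER_RESOLVES = 1, GROUP_RESOLVES = 2, USER_IN_GROUP = 4 };

/* Assumed membership rule: the group is the user's primary group, or the
 * user's name appears in the group's member list. */
int is_member(const struct passwd *pw, const struct group *gr)
{
    if (pw == NULL || gr == NULL)
        return 0;
    if (pw->pw_gid == gr->gr_gid)
        return 1;
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

/* Both lookups go through the sources listed in /etc/nsswitch.conf,
 * never through the PAM stack. */
int nss_check(const char *user, const char *group)
{
    int flags = 0;
    struct passwd *pw = getpwnam(user);
    struct group *gr = getgrnam(group);  /* separate static buffer from pw */
    if (pw != NULL)
        flags |= USER_RESOLVES;
    if (gr != NULL)
        flags |= GROUP_RESOLVES;
    if (is_member(pw, gr))
        flags |= USER_IN_GROUP;
    return flags;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <username> <groupname>\n", argv[0]);
        return 2;
    }
    int f = nss_check(argv[1], argv[2]);
    printf("getpwnam(%s): %s\n", argv[1], (f & USER_RESOLVES) ? "found" : "not found");
    printf("getgrnam(%s): %s\n", argv[2], (f & GROUP_RESOLVES) ? "found" : "not found");
    printf("member: %s\n", (f & USER_IN_GROUP) ? "yes" : "no");
    return (f == 7) ? 0 : 1;
}
```

A user who authenticates through a remote PAM module but shows "not found" here is invisible to any code path that calls getpwnam or getgrnam.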