auth_pam - not working...but why?

I am trying to get an apache/pam/smb system working happily. Samba is swapping spit with AD and I am able to use the wbinfo and getent commands, and also chown/chgrp to domain accounts and groups. I am unsure if apache is configured correctly, but I cannot find any useful logging facility to help with the PAM config. I am running Fedora Core 6 with httpd 2.2.6.

For /etc/pam.d/httpd:

#%PAM-1.0
auth       required     pam_winbind.so debug
account    required     pam_winbind.so debug

I am loading the PAM modules via the auth_pam.conf file in the ../conf.d directory:

[root@sys01 conf.d]# more auth_pam.conf
LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

Here is my virtual-hosts.conf:

 

# xx.site.com
<VirtualHost 10.66.160.5>
    DocumentRoot /import/www.sites/xx/htdocs
    ServerName xx.site.com
    CustomLog logs/xx.site.com-access_log combined
    ErrorLog logs/xx.site.com-error_log
    <Directory /import/www.sites>
        AllowOverride All
        AuthPAM_Enabled on
        AuthType Basic
        Require valid-user
        AuthGROUP_FallThrough on
        AuthPAM_FallThrough on
        Options ExecCGI FollowSymLinks +Includes +Indexes
        IndexOptions FancyIndexing
        order deny,allow
        deny from all
        allow from all
    </Directory>
</VirtualHost>

Last but not least, the relevant .htaccess file:

AuthUserFile …. /.htpasswd
AuthGroupFile …./.htgroup
AuthName ByPassword
AuthType Basic
AuthPAM_FallThrough on
<Limit GET>
    require group "domain users"
    require user clientname
</Limit>

According to my calculations, now httpd should be able to use domain accounts to authenticate. The files in question on this webserver have “domain users” as the group owner and 775 permissions – this is not a filesystem permissions issue. At the apache authentication prompt, when I give a domain account “blah”, apache’s error log says “user blah not found”. Of course the “clientname” account works so Apache+PAM are the prime suspects for a configuration problem.

So here is the question: is there any way to see what apache is doing vis-à-vis auth_pam? I’d like to get something more useful out of apache’s logging for this, but I do not know how to make that happen.

Andrew Sternick
System Administrator

aQuantive, a Microsoft Corporation subsidiary
Leading businesses in digital marketing.

212.798.7320 // direct
212.462.4660 // fax
www.aQuantive.com

 

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
