mod_auth_pam
Stephen Adler
adler at stephenadler.com
Fri Aug 18 11:24:22 EDT 2006
I think it's coming down to the fact that httpd is on a port which is
greater than 1024 and there is something in ypserv.conf about
restricting getting shadow.byname to high port number requests.
Snippet from /etc/ypserv.conf
# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
I need to do more research on ypserv.conf...
Matthew Gillen wrote:
> It doesn't seem like this should make a difference, but here's what mine looks
> like:
> $ cat /etc/pam.d/httpd
> #%PAM-1.0
> auth include system-auth
> account include system-auth
> # Comment out the previous account line and uncomment the following line if
> # you wish to allow logins that don't have a system account
> #account required pam_permit.so
>
>
> Stephen Adler wrote:
>
>> I'm running red hat enterprise linux 4.
>>
>>
>> [root@qmt0 init.d]# cat /etc/pam.d/httpd
>> #%PAM-1.0
>> auth required /lib/security/pam_unix.so
>> account required /lib/security/pam_unix.so
>>
>> it is there....
>>
>> Matthew Gillen wrote:
>>
>>> What distro are you using? Fedora Extras has an mod_auth_pam package that
>>> works out of the box for me with NIS.
>>>
>>> Looking at the file listing for that package, it seems that there is a file
>>> it adds:
>>> /etc/pam.d/httpd
>>>
>>> Do you have that file?
>>>
>>> Matt
>>>
>>> Stephen Adler wrote:
>>>
>>>
>>>> I'm trying to get mod_auth_pam working using NIS and I'm having a bit of
>>>> a problem. I've downloaded mod_auth_pam, (mod_auth_pam-2.0-1.1.1.tar.gz)
>>>> and did the required make; make install.
>>>>
>>>> I added the lines
>>>>
>>>> # loading mod_auth_pam module. SA - Fri Aug 18th, 2006
>>>> LoadModule auth_pam_module modules/mod_auth_pam.so
>>>> LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
>>>>
>>>> to the /etc/httpd/conf/httpd.conf file
>>>>
>>>> and restarted httpd. This worked all ok. I then created a directory
>>>> /usr/local/www/adler and put an index.html file there. I also created a
>>>> file localusers.conf with the following text
>>>> #
>>>> # Local qmp users web directories
>>>> #
>>>>
>>>> Alias /adler /usr/local/www/adler
>>>> <Directory /usr/local/www/adler>
>>>> AuthType Basic
>>>> AuthName "secure area"
>>>> # require group adler
>>>> require user adler
>>>> </Directory>
>>>>
>>>> and put that in /etc/httpd/conf.d directory
>>>>
>>>> Finally I surfed to http://localhost/adler and the username password
>>>> authorization window pops up. I put in my user name and password and the
>>>> authorization fails. The following text shows up in the /var/log/messages
>>>> file
>>>>
>>>>
>>>> Aug 18 10:48:50 qmt0 ypserv[19665]: refused connect from 172.17.1.2:34502 to procedure ypproc_match (quantummoleculartech.com,shadow.byname;-1)
>>>> Aug 18 10:48:50 qmt0 httpd(pam_unix)[19463]: authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=adler
>>>>
>>>>
>>>> So, pam authentication is being enabled, but ypserv is refusing the
>>>> connection. I've removed /var/yp/securenets file and have restarted
>>>> ypserv.
>>>>
>>>> Any ideas?
>>>>
>>>> Cheers. Steve.
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> Discuss at blu.org
>>>> http://olduvai.blu.org/mailman/listinfo/discuss
>>>>
>>>>
>>>
>>>
>
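
Added example (not part of the original thread): a small Python check that reads `ypserv.conf` access rules and `ypserv` "refused connect" syslog lines like those quoted above, and reports whether a `port` rule (access only from source ports below 1024) accounts for each refusal. Assumptions: the four-field `host : domain : map : security` layout shown in the snippet, first matching rule wins, host matching limited to `*` or an exact IP; the second log line and all function names are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the excerpts quoted in the thread.
YPSERV_CONF = """\
# host : domain : map : security
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
"""
SYSLOG = """\
Aug 18 10:48:50 qmt0 ypserv[19665]: refused connect from 172.17.1.2:34502 to procedure ypproc_match (quantummoleculartech.com,shadow.byname;-1)
Aug 18 10:49:02 qmt0 ypserv[19665]: refused connect from 172.17.1.9:812 to procedure ypproc_match (example.test,shadow.byname;-1)
"""

REFUSED = re.compile(
    r"ypserv\[\d+\]: refused connect from (?P<ip>[\d.]+):(?P<port>\d+) "
    r"to procedure (?P<proc>\w+) \((?P<domain>[^,]+),(?P<map>[^;]+);")

def parse_rules(text):
    """Return access rules as dicts; option lines (not four fields) are skipped."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) == 4:
            rules.append(dict(zip(("host", "domain", "map", "security"), fields)))
    return rules

def match_rule(rules, ip, domain, mapname):
    """First rule whose host/domain/map match (assumption: file order decides)."""
    for r in rules:
        if (r["host"] in ("*", ip) and r["domain"] in ("*", domain)
                and r["map"] in ("*", mapname)):
            return r
    return None

def explain_refusals(conf_text, log_text):
    """Classify each refused request by the rule that would have rejected it."""
    rules = parse_rules(conf_text)
    results = []
    for m in REFUSED.finditer(log_text):
        port = int(m["port"])
        rule = match_rule(rules, m["ip"], m["domain"], m["map"])
        if rule and rule["security"] == "port" and port >= 1024:
            cause = "port rule: client used an unprivileged source port"
        elif rule and rule["security"] == "deny":
            cause = "deny rule"
        else:
            cause = "not explained by ypserv.conf rules"
        results.append((m["ip"], port, m["map"], cause))
    return results

if __name__ == "__main__":
    for row in explain_refusals(YPSERV_CONF, SYSLOG):
        print(row)
```

A refusal that the rules do not explain (the second, constructed line) points at a different control than the `port` setting.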