adler at stephenadler.com
Fri Aug 18 13:01:33 EDT 2006
Success... sort of....
I finally got it to work. Actually it was all documented, (how to set it
up,) and it was just a question of RTFM'ing.
The mod_auth_pam pretty much worked right out of the box. (i.e. it was
never the problem
of my inability to authenticate.) The httpd configureation file (and
this is for redhat enterprise linux 4) looks like
[root at qmt0 init.d]# cat /etc/pam.d/httpd
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
So, the two things I had to do was fix ypserv to allow shadow.name to be
access from a port greater than 1024 by modifying /etc/ypserf.conf, and
change the group on the /etc/shadow to apache and chmod it to 440.
(ouch...) I sort blew a hole in the security of my system... but at
least now I can authenticate. :)
Thanks to everyone for their help!
Matthew Gillen wrote:
> Stephen Adler wrote:
>> I tried the system-auth, but the httpd mod_auth_pam could not find the
>> appropriate pam modules. :(
>> [root at qmt0 pam.d]# more httpd
>> auth required /lib/security/pam_unix.so
>> account required /lib/security/pam_unix.so
>> #auth include system-auth
>> #account include system-auth
>> the commented out lines were what I tried...
> For what it's worth, here's the contents of my system-auth:
> $ cat /etc/pam.d/system-auth
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth required pam_deny.so
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so md5 shadow nis nullok try_first_pass
> password required pam_deny.so
> session required pam_limits.so
> session required pam_unix.so
> Discuss mailing list
> Discuss at blu.org
More information about the Discuss