Stephen Adler adler at
Fri Aug 18 13:01:33 EDT 2006

Success... sort of....

I finally got it to work. Actually it was all documented, (how to set it 
up,) and it was just a question of RTFM'ing.

The mod_auth_pam pretty much worked right out of the box. (i.e. it was 
never the problem
of my inability to authenticate.) The httpd configureation file (and 
this is for redhat enterprise linux 4) looks like

[root at qmt0 init.d]# cat /etc/pam.d/httpd
auth       required     /lib/security/
account    required     /lib/security/

So, the two things I had to do was fix ypserv to allow to be 
access from a port greater than 1024 by modifying /etc/ypserf.conf, and 
change the group on the /etc/shadow to apache and chmod it to 440. 
(ouch...) I sort blew a hole in the security of my system... but at 
least now I can authenticate. :)

Thanks to everyone for their help!

Cheers. Steve.

Matthew Gillen wrote:
> Stephen Adler wrote:
>> I tried the system-auth, but the httpd mod_auth_pam could not find the
>> appropriate pam modules. :(
>> [root at qmt0 pam.d]# more httpd
>> #%PAM-1.0
>> auth       required     /lib/security/
>> account    required     /lib/security/
>> #auth       include      system-auth
>> #account    include      system-auth
>> the commented out lines were what I tried...
> For what it's worth, here's the contents of my system-auth:
> $ cat /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required
> auth        sufficient nullok try_first_pass
> auth        requisite uid >= 500 quiet
> auth        required
> account     required
> account     sufficient
> account     sufficient uid < 500 quiet
> account     required
> password    requisite try_first_pass retry=3
> password    sufficient md5 shadow nis nullok try_first_pass
> use_authtok
> password    required
> session     required
> session     required
> ------------------------
> HTH,
> Matt
> _______________________________________________
> Discuss mailing list
> Discuss at

More information about the Discuss mailing list