mod_auth_pam apache pam

Ihsan Junaidi Ibrahim ihsan at synthexp.net
Wed May 25 12:01:47 PDT 2005


Ihsan Junaidi Ibrahim wrote:
  > I've encountered the problem as well and have lived without it since; if
> I recalled correctly from a previous reply on this list, pam_unix.so
> uses getpwnam () to fetch the password information. It will only return
> the password if the calling process has an UID of 0 (root). Since your
> apache is running as user www, that should explain why the
> authentication failed.
> 
> The only workaround is to have your apache runs as root or use a
> different authentication back-end.
> 

I forgot to add. Another suitable workaround is to use mod_auth_external 
(www/mod_auth_external) and pwauth (security/pwauth) to authenticate 
against but not limited to /etc/passwd. On a busy server, this may incur 
certain overhead but the important thing is that it does the job. It is 
more involving configuration-wise than mod_auth_pam but not by much.

I have it running for WebDAV as well as password protected directories 
on an installation.

-- 
Thank you for your time,
Ihsan Junaidi Ibrahim,
http://ihsan.synthexp.net


More information about the freebsd-questions mailing list