From: Ihsan Junaidi Ibrahim
Date: Thu, 26 May 2005 03:03:28 +0800
To: questions@freebsd.org
Subject: Re: mod_auth_pam apache pam
Message-ID: <4294CC00.1040909@synthexp.net>
In-Reply-To: <4294C2B8.6010801@synthexp.net>

Ihsan Junaidi Ibrahim wrote:
> I've encountered the problem as well and have lived without it since; if
> I recall correctly from a previous reply on this list, pam_unix.so
> uses getpwnam() to fetch the password information. It will only return
> the password if the calling process has a UID of 0 (root). Since your
> apache is running as user www, that should explain why the
> authentication failed.
>
> The only workaround is to have your apache run as root or use a
> different authentication back-end.
>

I forgot to add. Another suitable workaround is to use
mod_auth_external (www/mod_auth_external) and pwauth (security/pwauth)
to authenticate against, but not limited to, /etc/passwd. On a busy
server, this may incur certain overhead, but the important thing is that
it does the job. It is more involved configuration-wise than
mod_auth_pam, but not by much. I have it running for WebDAV as well as
password-protected directories on an installation.

--
Thank you for your time,
Ihsan Junaidi Ibrahim,
http://ihsan.synthexp.net
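
Added example, not part of the original message and not code from mod_auth_pam or pwauth: a small diagnostic that reports what getpwnam() returns to the UID it runs under, which is the condition the quoted explanation turns on. The classification rules ("*" or "x" as placeholders, a leading "*" or "!" as a lock marker) and the function names are assumptions made for this sketch; the hash itself is never printed.

```c
/* Added example: what does getpwnam() give this process's UID? */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum pw_field { PW_MISSING, PW_EMPTY, PW_PLACEHOLDER, PW_LOCKED, PW_HASH };

static const char *pw_field_name[] = {
    "missing", "empty", "placeholder (hash hidden)", "locked", "hash present"
};

/* Classify pw_passwd without ever printing it (heuristic, assumption). */
enum pw_field classify_pw_field(const char *f)
{
    if (f == NULL)
        return PW_MISSING;
    if (f[0] == '\0')
        return PW_EMPTY;
    /* "*" is what FreeBSD returns to non-root callers; "x" marks a shadow file. */
    if (strcmp(f, "*") == 0 || strcmp(f, "x") == 0)
        return PW_PLACEHOLDER;
    if (f[0] == '*' || f[0] == '!')   /* e.g. a "*LOCKED*" prefix */
        return PW_LOCKED;
    return PW_HASH;
}

/* 1 if code in this process could compare a password against the hash. */
int can_verify_password(const char *user)
{
    struct passwd *pw = getpwnam(user);
    return pw != NULL && classify_pw_field(pw->pw_passwd) == PW_HASH;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    struct passwd *pw = getpwnam(user);

    printf("euid=%ld user=%s\n", (long)geteuid(), user);
    if (pw == NULL) {
        printf("no such user\n");
        return 2;
    }
    printf("pw_passwd: %s\n", pw_field_name[classify_pw_field(pw->pw_passwd)]);
    printf("in-process check possible: %s\n",
           can_verify_password(user) ? "yes" : "no");
    return 0;
}
```

Run it once as root and once as the user Apache runs as (www in this thread); a "placeholder" result under the Apache user means an in-process module has no hash to compare against, which is why a separate helper such as pwauth is used instead.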