Date: Thu, 26 May 2005 03:03:28 +0800 From: Ihsan Junaidi Ibrahim <ihsan@synthexp.net> To: questions@freebsd.org Subject: Re: mod_auth_pam apache pam Message-ID: <4294CC00.1040909@synthexp.net> In-Reply-To: <4294C2B8.6010801@synthexp.net> References: <1657183228.20050525175024@hexren.net> <4294C2B8.6010801@synthexp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Ihsan Junaidi Ibrahim wrote: > I've encountered the problem as well and have lived without it since; if > I recalled correctly from a previous reply on this list, pam_unix.so > uses getpwnam () to fetch the password information. It will only return > the password if the calling process has an UID of 0 (root). Since your > apache is running as user www, that should explain why the > authentication failed. > > The only workaround is to have your apache runs as root or use a > different authentication back-end. > I forgot to add. Another suitable workaround is to use mod_auth_external (www/mod_auth_external) and pwauth (security/pwauth) to authenticate against but not limited to /etc/passwd. On a busy server, this may incur certain overhead but the important thing is that it does the job. It is more involving configuration-wise than mod_auth_pam but not by much. I have it running for WebDAV as well as password protected directories on an installation. -- Thank you for your time, Ihsan Junaidi Ibrahim, http://ihsan.synthexp.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4294CC00.1040909>