From owner-freebsd-questions@FreeBSD.ORG  Wed May 25 20:25:49 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 77FC916A41C
	for <freebsd-questions@freebsd.org>;
	Wed, 25 May 2005 20:25:49 +0000 (GMT) (envelope-from me@hexren.net)
Received: from helium.webpack.hosteurope.de (helium.webpack.hosteurope.de
	[217.115.142.90])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 288BD43D48
	for <freebsd-questions@freebsd.org>;
	Wed, 25 May 2005 20:25:49 +0000 (GMT) (envelope-from me@hexren.net)
Received: by helium.webpack.hosteurope.de running Exim 4.34 using asmtp
	from pd9e46575.dip.t-dialin.net ([217.228.101.117]
	helo=hexren.steenbuck.net)
	id 1Db2Ro-0003Yg-3z; Wed, 25 May 2005 22:25:48 +0200
Date: Wed, 25 May 2005 22:25:47 +0200
From: Hexren <me@hexren.net>
X-Mailer: The Bat! (v1.62i) Business
X-Priority: 3 (Normal)
Message-ID: <13523707068.20050525222547@hexren.net>
To: freebsd-questions@freebsd.org
In-Reply-To: <4294CC00.1040909@synthexp.net>
References: <1657183228.20050525175024@hexren.net>
	<4294C2B8.6010801@synthexp.net> <4294CC00.1040909@synthexp.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re[2]: mod_auth_pam apache pam
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Hexren <me@hexren.net>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2005 20:25:49 -0000

> Ihsan Junaidi Ibrahim wrote:
>   > I've encountered the problem as well and have lived without it since; if
>> I recalled correctly from a previous reply on this list, pam_unix.so
>> uses getpwnam () to fetch the password information. It will only return
>> the password if the calling process has an UID of 0 (root). Since your
>> apache is running as user www, that should explain why the
>> authentication failed.
>> 
>> The only workaround is to have your apache runs as root or use a
>> different authentication back-end.
>> 

> I forgot to add. Another suitable workaround is to use mod_auth_external 
> (www/mod_auth_external) and pwauth (security/pwauth) to authenticate 
> against but not limited to /etc/passwd. On a busy server, this may incur 
> certain overhead but the important thing is that it does the job. It is 
> more involving configuration-wise than mod_auth_pam but not by much.

> I have it running for WebDAV as well as password protected directories 
> on an installation.


---------------------------------------------

I think I'll use mod_auth_external, in afterthought I was a bit narrow
minded to focus completly on mod_auth_pam instead of also looking for
other solutions. Thx for fixing that :-)

regards
Hexren