Date: Wed, 03 Jul 2002 13:59:18 +0200 From: Marc Perisa <perisa@porsche.de> To: Barry Byrne <barry.byrne@wbtsystems.com> Cc: "local.freebsd.questions" <freebsd-questions-local@insignia.com>, "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG> Subject: Re: Apache 1.3.22 Message-ID: <3D22E716.9040001@porsche.de> References: <NCBBIAMNAKDKFJIIGNPKCEOFILAA.barry.byrne@wbtsystems.com>
next in thread | previous in thread | raw e-mail | index | archive | help
And you have another problem: Apache 1.3.22 is vulnerable. Read: http://www.cert.org/advisories/CA-2002-17.html Please update as soon as possible. There is already one known worm out there. Marc Barry Byrne wrote: >>-----Original Message----- >>From: owner-freebsd-questions@FreeBSD.ORG >> >> > > > >>I recently added mod_auth_pam from ports to an existing >>Apache installation because I wanted simple password >>file authentication and there's no port of mod_auth_system. >> >> > > > > >>The docs in /usr/local/share/doc/mod_auth_pam say that >>a file will have been added to /etc/pam.d by the install; >>however that directory does not exist. >> >> > >FreeBSD doesn't use /etc/pam.d as some systems do, instead, there >is a single file called /etc/pam.conf > >You need to add lines in the format: > > httpd account required pam_unix.so > > > >>Attempting to access a protected file gets this: >> >>Jul 2 15:20:39 speyburn httpd: unable to dlopen(/usr/lib/pam_unix.so) >>Jul 2 15:20:39 speyburn httpd: unable to dlopen(/usr/lib/pam_unix.so) >>Jul 2 15:20:39 speyburn httpd: [dlerror: /usr/lib/pam_unix.so: >>Undefined symbol "pam_get_item"] >>Jul 2 15:20:39 speyburn httpd: [dlerror: /usr/lib/pam_unix.so: >>Undefined symbol "pam_get_item"] >>Jul 2 15:20:39 speyburn httpd: adding faulty module: >>/usr/lib/pam_unix.so >>Jul 2 15:20:39 speyburn httpd: adding faulty module: >>/usr/lib/pam_unix.so >> >> > > >You probably will have two futher issues here. >Firstly, unless apache is compiled with the PAM libraries, it >will fail to load them. The simplest solution is to use LD_PRELOAD >when starting apache. > >In your apache startup file, try something like: > > LD_PRELOAD="/usr/lib/libpam.so.1" > export LD_PRELOAD > /usr/local/apache/bin/apachectl start > >You may also have another problem: > >pam_unix.so requires root privileges - apache typically runs as 'nobody', >so you won't be able to use this particular PAM module unless you run >apache as root (don't do this). You should be able to use most other PAM >modules just fine though. > > - Barry > > > > > >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D22E716.9040001>