Date: Wed, 25 May 2005 22:25:47 +0200 From: Hexren <me@hexren.net> To: freebsd-questions@freebsd.org Subject: Re[2]: mod_auth_pam apache pam Message-ID: <13523707068.20050525222547@hexren.net> In-Reply-To: <4294CC00.1040909@synthexp.net> References: <1657183228.20050525175024@hexren.net> <4294C2B8.6010801@synthexp.net> <4294CC00.1040909@synthexp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Ihsan Junaidi Ibrahim wrote: > > I've encountered the problem as well and have lived without it since; if >> I recalled correctly from a previous reply on this list, pam_unix.so >> uses getpwnam () to fetch the password information. It will only return >> the password if the calling process has an UID of 0 (root). Since your >> apache is running as user www, that should explain why the >> authentication failed. >> >> The only workaround is to have your apache runs as root or use a >> different authentication back-end. >> > I forgot to add. Another suitable workaround is to use mod_auth_external > (www/mod_auth_external) and pwauth (security/pwauth) to authenticate > against but not limited to /etc/passwd. On a busy server, this may incur > certain overhead but the important thing is that it does the job. It is > more involving configuration-wise than mod_auth_pam but not by much. > I have it running for WebDAV as well as password protected directories > on an installation. --------------------------------------------- I think I'll use mod_auth_external, in afterthought I was a bit narrow minded to focus completly on mod_auth_pam instead of also looking for other solutions. Thx for fixing that :-) regards Hexren
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13523707068.20050525222547>