Package: libapache2-mod-auth-shadow
Version: 2.1-2
Severity: important

After setting up shadow auth as described in README.debian, authentication
does not work.  It seems that 'validate' gets called, but with wrong arguments
(the server waits 3 seconds before re-asking for authentication).  On an
older system running apache 2.2.4-1, the same setup runs fine.


The relevant part of the apache2 configuration:

<Directory /usr/share/backuppc/cgi-bin/>
        AllowOverride None
        Options ExecCGI FollowSymlinks
        AddHandler cgi-script .cgi
        DirectoryIndex index.cgi

        # For shadow auth
        AuthShadow on
        AuthBasicAuthoritative off
 
        # For htpasswd auth
        #AuthGroupFile /etc/backuppc/htgroup
        #AuthUserFile /etc/backuppc/htpasswd

        AuthType basic
        AuthName "BackupPC admin"
        require valid-user

        SSLrequireSSL
</Directory>


/var/log/apache/error.log says:

[Mon Dec 10 14:16:26 2007] [error] Internal error: pcfg_openfile() called with 
NULL filename
[Mon Dec 10 14:16:26 2007] [error] [client 127.0.1.1] (9)Bad file descriptor: 
Could not open password file: (null)
[Mon Dec 10 14:16:29 2007] [error] [client 127.0.1.1] PAM: user 'backuppc' - 
not authenticated: Authentication failure


'validate' works as expected:
        sh-3.1$ whoami
        www-data
        sh-3.1$ pwd
        /usr/lib/libapache2-mod-auth-shadow
        sh-3.1$ ./validate
        backuppc
        (wrong password)
        ./validate: User backuppc: authentication failure
        sh-3.1$ ./validate
        backuppc
        (right password)
        sh-3.1$ exit


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-auth-shadow depends on:
ii  apache2.2-common              2.2.6-2    Next generation, scalable, extenda
ii  libc6                         2.7-4      GNU C Library: Shared libraries

libapache2-mod-auth-shadow recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to