This would be a fantastic feature-add for us as it allows custom
cloud-auth PAM modules too; for example, we can authenticate against
Amazon IAM, Simple DB, Secure Remote Protocol, or anything else we could
imagine using pam_redirector. This might require an unacceptable
combination of dependencies for the build process, but for us, at least,
this would be an incredible feature.
On 02/20/2012 01:54 AM, Cyril LAVIER wrote:
Le 18.02.2012 23:35, Peter Colberg a écrit :
Package: nginx-light
Version: 1.1.14-1
Severity: wishlist
Tags: patch
Dear Maintainer,
Currently upstream nginx only supports authentication based on a
htpasswd file. Authentication based on, e.g., an LDAP or PostgreSQL
database is not possible without resorting to custom FastCGI backend
software, which in some cases is excessively complex, e.g. when
serving password-protected static content.
I have been using a version of the nginx Debian package patched with
the ngx_http_auth_pam_module, together with libpam-ldap, for years
now, and found it to be a simple and stable solution for LDAP
authentication.
http://web.iti.upv.es/~sto/nginx/
It would be nice to have Auth PAM included in the nginx-* Debian
packages.
If so, I could help with writing a README example for LDAP
authentication.
Thanks,
Peter
Hi Peter.
Thanks for this report.
Honestly, I don't think using PAM is a good way to perform a LDAP
authentication with NGINX, mainly because it requires further
configuration in other packages than NGINX.
Also, did you tried to build/use the module against libpam-ldapd,
which is used by some people in place of libpam-ldap.
Even if I'm not convinced, I let you a chance to sell me (and maybe
us, the whole maintaining team) this module, and the advantage of
using PAM instead of directly connecting to a LDAP directory with NGINX.
By the way, adding a module for LDAP authentication is one of the
tasks on our goals for the Wheezy freeze. We found this module
(https://github.com/kvspb/nginx-auth-ldap) which directly connects to
a LDAP directory, and I have been using it over the last months, and I
didn't had any instabilities with it.
Talking about the inclusion of a LDAP auth module in nginx-light (and
all other flavours), I don't see any issues, as the light flavour
already has the auth-basic, it's logical to have the ldap-auth in it.
Kartik, Michael, Dmitry, Jose and Fabio, what are your thoughts about
this module ?
Thanks.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
