On Tue, Jan 30, 2001 at 03:48:57PM -0300, Felipe Alvarez Harnecker wrote: > > Hi, i hope not to boring you, but i'm having trouble with > mod_auth_pam. > > my /etc/pam.d/http > > auth required pam_unix.so debug > account required pam_unix.so debug
Not sure about your error message, but pam_unix.so cannot be used under mod_auth_pam. That's a shortcoming in this particular module. The basic idea is that pam_unix.so will auth under two circumstances. One, running with privs to read /etc/shadow (such as root, or sgid shadow), in which it can directly auth. This is how login, su and passwd work. The other method is for it to execute the helper application. This is done when the current process does not have permissions to read /etc/shadow (such as lockvt, apache, etc..). The problem here is that the helper application, for security reasons, will only authenticate the uid of the calling process. In the case of apache, that user would be "www-data". So you see, it cannot authenticate for say "joe". I'm pretty sure the mod_auth_pam docs mention this, and possible workarounds. -- -----------=======-=-======-=========-----------=====------------=-=------ / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=========------=======-------------=-=-----=-===-======-------=--=---'
