Summary: | New ebuild www-apache/mod_authn_pam | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | George Grzyb <spamreceiver> |
Component: | New packages | Assignee: | Default Assignee for New Packages <maintainer-wanted> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | apache-bugs, postmaster |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
URL: | http://mod-auth.sourceforge.net/docs/mod_authn_pam/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
George Grzyb
2008-01-08 17:23:38 UTC
The old module which works given a specific configuration was mod_auth_pam. Notice it is "auth" and not "authn". This is not a simple package rename because theses are two different packages: mod_authn_pam (new): http://mod-auth.sourceforge.net/docs/mod_authn_pam/ mod_auth_pam (old): http://pam.sourceforge.net/mod_auth_pam/ mod_auth_pam has not seen an update in a while... more than likely build for Apache 2.0 while mod_authn_pam was built for >Apache 2.1 using the new authentication framework: http://httpd.apache.org/docs/2.2/new_features_2_2.html (See Core Enhancements for Authn/Authz) in cvs (In reply to comment #2) > in cvs > I have tested this successfully under x86 with Apache 2.2.8. Removed the old mod_auth_pam and replaced with mod_authn_pam. No longer receive errors such as the following: [Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured [Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured Using the following configuration with the # marks denoting what was commented out as it was part of old mod_auth_pam config: AuthType Basic AuthBasicAuthoritative off AuthName "Test" AuthBasicProvider pam # AuthPAM_Enabled on # AuthPAM_FallThrough off This now provides a method for pam authentication on at least Apache >=2.6.8 within the new authn framework. It is important to note that both old and new modules could coexist without issues as this was also tested. Please unmask this for x86. This gets called properly from Apache but unless Apache is running as root it won't check an /etc/shadow file. It should still succeed with other authentication methods though. (In reply to comment #4) > This gets called properly from Apache but unless Apache is running as root it > won't check an /etc/shadow file. It should still succeed with other > authentication methods though. > Unless you do a chmod +r on /etc/shadow file. (tested on amd64 and it works but it's not really secure :x) |