The current old mod_auth_pam Apache module is a hack job on Version 2.2 and continuously spits out errors whenever queries are done against. A new ebuild using the code from this sourceforge site would allow for PAM authentication while keeping in line wtih the standard config usage: "AuthBasicProvider pam" and renaming that was done for these modules. Reproducible: Always Steps to Reproduce: N/A Actual Results: N/A Expected Results: N/A N/A
The old module which works given a specific configuration was mod_auth_pam. Notice it is "auth" and not "authn". This is not a simple package rename because theses are two different packages: mod_authn_pam (new): http://mod-auth.sourceforge.net/docs/mod_authn_pam/ mod_auth_pam (old): http://pam.sourceforge.net/mod_auth_pam/ mod_auth_pam has not seen an update in a while... more than likely build for Apache 2.0 while mod_authn_pam was built for >Apache 2.1 using the new authentication framework: http://httpd.apache.org/docs/2.2/new_features_2_2.html (See Core Enhancements for Authn/Authz)
in cvs
(In reply to comment #2) > in cvs > I have tested this successfully under x86 with Apache 2.2.8. Removed the old mod_auth_pam and replaced with mod_authn_pam. No longer receive errors such as the following: [Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured [Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured Using the following configuration with the # marks denoting what was commented out as it was part of old mod_auth_pam config: AuthType Basic AuthBasicAuthoritative off AuthName "Test" AuthBasicProvider pam # AuthPAM_Enabled on # AuthPAM_FallThrough off This now provides a method for pam authentication on at least Apache >=2.6.8 within the new authn framework. It is important to note that both old and new modules could coexist without issues as this was also tested. Please unmask this for x86.
This gets called properly from Apache but unless Apache is running as root it won't check an /etc/shadow file. It should still succeed with other authentication methods though.
(In reply to comment #4) > This gets called properly from Apache but unless Apache is running as root it > won't check an /etc/shadow file. It should still succeed with other > authentication methods though. > Unless you do a chmod +r on /etc/shadow file. (tested on amd64 and it works but it's not really secure :x)