Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 204921 - New ebuild www-apache/mod_authn_pam
Summary: New ebuild www-apache/mod_authn_pam
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High enhancement (vote)
Assignee: Default Assignee for New Packages
URL: http://mod-auth.sourceforge.net/docs/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-08 17:23 UTC by George Grzyb
Modified: 2008-10-29 09:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description George Grzyb 2008-01-08 17:23:38 UTC 
The current old mod_auth_pam Apache module is a hack job on Version 2.2 and continuously spits out errors whenever queries are done against.

A new ebuild using the code from this sourceforge site would allow for PAM authentication while keeping in line wtih the standard config usage: "AuthBasicProvider pam" and renaming that was done for these modules.

Reproducible: Always

Steps to Reproduce:
N/A
Actual Results:  
N/A

Expected Results:  
N/A

N/A
Comment 1 George Grzyb 2008-01-08 17:33:57 UTC 
The old module which works given a specific configuration was mod_auth_pam. Notice it is "auth" and not "authn". This is not a simple package rename because theses are two different packages:

mod_authn_pam (new): http://mod-auth.sourceforge.net/docs/mod_authn_pam/
mod_auth_pam (old): http://pam.sourceforge.net/mod_auth_pam/

mod_auth_pam has not seen an update in a while... more than likely build for Apache 2.0 while mod_authn_pam was built for >Apache 2.1 using the new authentication framework: http://httpd.apache.org/docs/2.2/new_features_2_2.html (See Core Enhancements for Authn/Authz)
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-02-07 21:35:52 UTC 
in cvs
Comment 3 George Grzyb 2008-03-19 00:53:35 UTC 
(In reply to comment #2)
> in cvs
> 

I have tested this successfully under x86 with Apache 2.2.8. Removed the old mod_auth_pam and replaced with mod_authn_pam. No 

longer receive errors such as the following:

[Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured
[Tue Mar 18 02:32:05 2008] [error] [client 127.0.0.1] No Authn provider configured

Using the following configuration with the # marks denoting what was commented out as it was part of old mod_auth_pam config:

AuthType Basic
AuthBasicAuthoritative off
AuthName "Test"
AuthBasicProvider pam
# AuthPAM_Enabled on
# AuthPAM_FallThrough off

This now provides a method for pam authentication on at least Apache >=2.6.8 within the new authn framework. It is important to 

note that both old and new modules could coexist without issues as this was also tested.

Please unmask this for x86.
Comment 4 Tres 'RiverRat' Melton 2008-04-19 17:55:59 UTC 
This gets called properly from Apache but unless Apache is running as root it won't check an /etc/shadow file.  It should still succeed with other authentication methods though.
Comment 5 Guillaume Hilt 2008-10-29 09:44:48 UTC 
(In reply to comment #4)
> This gets called properly from Apache but unless Apache is running as root it
> won't check an /etc/shadow file.  It should still succeed with other
> authentication methods though.
> 

Unless you do a chmod +r on /etc/shadow file.
(tested on amd64 and it works but it's not really secure :x)