Re: Apache, mod_auth_pam, pam_krb4, and you
> I'm going slowly insane trying to convince Apache to pass a user/pass to
> pam_krb4, thereby validating a user for entrance into a secure directory. Is
> it too much to hope for that it's this simple?
I haven't used that module before, but I would suggest making sure you have
a /etc/pam.d/other ruleset that looks similar to:
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so
This will make things which fall through other pam rules complain loudly in
the logs and reject any [auth/account/password/session] attempts without
explicit rules. Its not only handy for debugging but its also probably not
a bad default configuration, I rather wish pam was distributed this way as
a stock config, but I gather its not "traditional." Anyway, it may help
you figure out whats wrong, it may not - I tend to find looking at the
source code for pam modules mandatory when debugging problems like that,
many times there is a squirled away debug option which can bring more
things to light.
--
Jamie Heilman http://audible.transient.net/~jamie/
"You came all this way way without saying squat and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't saying squat kid." -Buddy
Reply to: