[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache, mod_auth_pam, pam_krb4, and you

> I'm going slowly insane trying to convince Apache to pass a user/pass to
> pam_krb4, thereby validating a user for entrance into a secure directory.  Is
> it too much to hope for that it's this simple?

I haven't used that module before, but I would suggest making sure you have
a /etc/pam.d/other ruleset that looks similar to:

auth     required   pam_deny.so
auth     required   pam_warn.so
account  required   pam_deny.so
account  required   pam_warn.so
password required   pam_deny.so
password required   pam_warn.so
session  required   pam_deny.so
session  required   pam_warn.so

This will make things which fall through other pam rules complain loudly in
the logs and reject any [auth/account/password/session] attempts without
explicit rules.  Its not only handy for debugging but its also probably not
a bad default configuration, I rather wish pam was distributed this way as
a stock config, but I gather its not "traditional."  Anyway, it may help
you figure out whats wrong, it may not - I tend to find looking at the
source code for pam modules mandatory when debugging problems like that,
many times there is a squirled away debug option which can bring more
things to light.

Jamie Heilman                   http://audible.transient.net/~jamie/
"You came all this way way without saying squat and now you're trying
 to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
 I liked you better when you weren't saying squat kid."	-Buddy

Reply to: