From: seph <se...@co...> - 2001-02-15 05:15:57
|
> Cc:ed to the main PAM discussion list. since this sounds like it's not a pam problem, I'm dropping the main pam list :) > Again, this isn't a PAM problem, this is a function of the Unix security > design. Programs that can't access the shadow file can't do shadow-based > authentication, with or without PAM. oh my, you appear to be correct. in my day of frustrating hacking, I must have goofed somewhere as it worked this time. foolish me for not triple checking before mailing. so, now that I have mod_auth_pam working with /etc/shadow, can anyone explain what I need to do to get it to work with NIS? my understanding is that pam_unix.so just does the the various system calls, and that they handle NIS. I certainly didn't need to do anything special to /etc/pam.d/login to get it to work with NIS... My configs and various errors... from httpd.conf: User www-data Group www-data LoadModule pam_auth_module /usr/lib/apache/1.3/mod_auth_pam.so AddModule mod_auth_pam.c <Directory /var/www/intranet/ops> AuthPAM_Enabled On AuthType Basic AuthName "test" require valid-user </Directory> from /etc/pam.d/httpd: auth required pam_unix.so dis:~# ls -l /etc/shadow -rw-r----- 1 root shadow 686 Feb 14 18:45 /etc/shadow dis:~# tail -1 /var/log/auth.log Feb 14 21:04:48 dis PAM_unix[27216]: authentication failure; (uid=33) -> **unknown** for httpd service dis:~# tail -1 /var/log/apache/error.log [Wed Feb 14 21:04:50 2001] [error] (25)Inappropriate ioctl for device: access to /ops/ failed for 10.0.0.21, reason: Authentication failure sorry again for the initial confusion. seph |