I'm trying to get mod_auth_pam to work with apache 2.0.
It's working up to a point. If I put 'pam_permit.so' into /etc/pam.d/httpd, then everyone can log in.
If I put 'pam_unix.so' in, then no-one can log in.
As apache isn't running as root when pam is called, pam_unix calls unix_chkpwd to verify the username/password in /etc/shadow. At that point unix_chkpwd refuses to verify the password.
A workaround is to use something like pop3 or imap to authenticate users over tcp. I'd recommend that unix_chkpwd be no more restrictive than the workarounds. Have delays for bad passwords, lockouts, etc? Put the unix_chkpwd configuration in /etc/security/unix_chkpwd.conf or on the line in the file in /etc/pam.d that called pam_unix.so?
Or is there a need for mod_auth_pop3 for apache, or pam_pop3.so? Both of which exist out there, apparently.