Subject: | |
From: | |
Reply To: | Gilbert E. Detillieux |
Date: | Tue, 16 Sep 2014 10:35:17 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
The mod_auth_pam module also doesn't work if you're using shadow
passwords, since it runs with the same user privileges as the web
server. I've been using mod_auth_shadow (also found in EPEL) instead.
The module mod_auth_shadow doesn't directly query the shadow file/map,
but simply leaves authentication up to a setuid-root helper program
(/usr/sbin/validate), which uses getspnam(3) to look up the user's
shadow map entry and crypt(3) to encrypt the supplied password. This
may not be as versatile as pam, but it does at least give you nss
support for non-local maps.
Gilbert
On 16/09/2014 8:49 AM, Brandon Vincent wrote:
> On Tue, Sep 16, 2014 at 12:16 PM, lejeczek <[log in to unmask]> wrote:
>> I see there is no "mod_auth_pam" in repos, is there anything that has
>> replaced it would you know?
>
> The "mod_auth_pam" package for EL5 and EL6 is provided by the EPEL
> repositories [1].
>
> mod_auth_pam has been unsupported and no longer developed by upstream
> since Apache 2.0. SL7 ships with Apache 2.4. [2]
>
> You should take a look at mod_authnz_external as a replacement. [3]
> Please note that there is presently no EPEL 7 package yet, so you'll
> have to compile it from source.
>
> [1] https://fedoraproject.org/wiki/EPEL
> [2] http://pam.sourceforge.net/mod_auth_pam/
> [3] http://code.google.com/p/mod-auth-external/
>
> Brandon Vincent
--
Gilbert E. Detillieux E-mail: <[log in to unmask]>
Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba Phone: (204)474-8161
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609
|
|
|