kerberos and mod_auth_pam and apache
Grau, Stephen
Stephen.Grau at digex.com
Tue Oct 1 15:20:20 EDT 2002
How do you have it configured in your httpd.conf? I have it working without
pam.
Steve
-----Original Message-----
From: Lars [mailto:nospam at nospam.net]
Sent: Tuesday, October 01, 2002 1:51 PM
To: kerberos at mit.edu
Subject: kerberos and mod_auth_pam and apache
I'd like to kerberize logins to a https server.
How can I use mod_auth_pam to authenticate against kerberos without
requiring any client side changes?
Perhaps, this is the wrong way to do provide web authentication and if I
am barking up the wrong tree, point out the right one.
For a control case, I've gotten mod_auth_pam to work with the regular
unix login, but only after (briefly) changing the shadow password file
permissions to 644. The work-around I'd prefer to avoid is running httpd
as root.
But changing the pam configuration for httpd, I've run up against some
problems. When I try to authenticate, I get the error:
The server requested a login authentication method
that is not supported.
The apache error log shows
[error] (13)Permission denied: access to /foo/index.en.html
failed for 10.0.0.3, reason: Authentication service cannot
retrieve authentication info.
My pam configuration for httpd is:
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_krb5.so use_first_pass
account required /lib/security/pam_unix.so
Any help gratefully accepted
-Lars
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list