kerberos and mod_auth_pam and apache
Lars
nospam at nospam.net
Tue Oct 1 13:50:38 EDT 2002
I'd like to kerberize logins to a https server.
How can I use mod_auth_pam to authenticate against kerberos without
requiring any client side changes?
Perhaps this is the wrong way to provide web authentication, and if I
am barking up the wrong tree, point out the right one.
For a control case, I've gotten mod_auth_pam to work with the regular
unix login, but only after (briefly) changing the shadow password file
permissions to 644. The work-around I'd prefer to avoid is running httpd
as root.
But changing the pam configuration for httpd, I've run up against some
problems. When I try to authenticate, I get the error:
    The server requested a login authentication method
    that is not supported.
The apache error log shows
    [error] (13)Permission denied: access to /foo/index.en.html
    failed for 10.0.0.3, reason: Authentication service cannot
    retrieve authentication info.
My pam configuration for httpd is:
    auth     required  /lib/security/pam_nologin.so
    auth     required  /lib/security/pam_krb5.so use_first_pass
    account  required  /lib/security/pam_unix.so
Any help gratefully accepted
-Lars