[users@httpd] apache 2.2 and mod_auth_pam

[Jason Keltz <ja...@cse.yorku.ca>]

I am trying to upgrade from running mod_auth_pam on the Apache 1.3.X 
series to mod_auth_pam on the Apache 2.2.X series.  I see that the 
authentication and authorization has changed in Apache from the 2.1 
series.  I was able to successfully compile the mod_auth_pam module for 
Apache 2.0.X, but I can't use it because I get errors in the log files:

Tue Aug 01 11:54:52 2006] [error] [client X] (9)Bad file descriptor: 
Could not open password file: (null)
[Tue Aug 01 11:54:58 2006] [error] Internal error: pcfg_openfile() 
called with NULL filename

... which, as I understand it is because I haven't specified an 
AuthBasicProvider since the module doesn't define one.

Has anyone made available a mod_authnz_pam module?  (or mod_authn_pam 
and mod_authz_pam)? I can't imagine that i'm the first to want to use 
pam authentication on the 2.2.X series server.  If a module isn't 
available, is there any way to use the existing authentication module 
with the 2.2 series server? I can't seem to find anything in the 
documentation on this.  The only thing I can find is a claim that most 
2.0 modules will continue to work with 2.2 - they just need to be 
recompiled, but it seems like with the changes in authentication and 
authorization that more than recompilation may be necessary...

I wonder why the "pam" module hasn't made it into the default Apache 
installation yet? I imagine it's used in quite a few installations..

Any assistance would be appreciated...

Jason.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache 2.2 and mod_auth_pam

[Nick Kew <ni...@webthing.com>]

On Tuesday 01 August 2006 20:07, Jason Keltz wrote:
> I am trying to upgrade from running mod_auth_pam on the Apache 1.3.X
> series to mod_auth_pam on the Apache 2.2.X series.  I see that the
> authentication and authorization has changed in Apache from the 2.1
> series.  I was able to successfully compile the mod_auth_pam module for
> Apache 2.0.X, but I can't use it because I get errors in the log files:
>
> Tue Aug 01 11:54:52 2006] [error] [client X] (9)Bad file descriptor:
> Could not open password file: (null)
> [Tue Aug 01 11:54:58 2006] [error] Internal error: pcfg_openfile()
> called with NULL filename
>
> ... which, as I understand it is because I haven't specified an
> AuthBasicProvider since the module doesn't define one.

Yes.

You should be able to use it with 2.2, possibly only by disabling
the normal 2.2 mod_auth_basic (or digest, as appropriate) altogether.
Try ensuring it runs before normal 2.2 authentication.  You can
probably do that simply by using AP_HOOK_FIRST in its auth hook
(but that's just guessing - I haven't looked, let alone tried).

> Has anyone made available a mod_authnz_pam module?  (or mod_authn_pam
> and mod_authz_pam)?

Do google or modules.apache.org have anything to say?

> I wonder why the "pam" module hasn't made it into the default Apache
> installation yet? I imagine it's used in quite a few installations..

It would make sense from a functional point of view.  But it's a third-party
module.  AFAIK they've neither offered it for inclusion, nor been asked by
any of the core developers.  It would require that some core devs are
willing and able to maintain it.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org