[Solved] Can't seem to get SASL auth to work

Added by def-pri-pub almost 6 years ago

I'm running lighttpd 1.4.49 on an older Ubuntu system (12.04). I've got a directory that I want to protect, and ensure that only users who are in my /etc/shadow file are able to access it. This is what is included at the end of my lighttpd.conf file:

server.modules += ( "mod_auth", "mod_authn_sasl")
auth.backend = "sasl" 

auth.require = ( "/private/" =>
  ( "method" => "basic",
    "realm" => "Private Space",
    "require" => "valid-user" 
  )
)

The server starts up fine, and when I try to access that directory with my browser, it is prompting me for a username and password. Problem is that when I enter my login info, it's not letting me in. I used testsaslauthd with the same credentials and it reported that the login was good.

Is there something else that I need to set for lighttpd to be able to use SASL auth? Does it maybe have something to do with root permissions (e.g. testsaslauthd required root permissions to run)?


Replies (4)

RE: Can't seem to get SASL auth to work - Added by gstrauss almost 6 years ago

Yes. If you choose a sasl backend that requires root permission, then you require root permission. SASL can support many backends. You have configured yours to use /etc/shadow, which requires root.

RE: Can't seem to get SASL auth to work - Added by def-pri-pub almost 6 years ago

Is there some bit/flag/permission I need to do on some file?

RE: Can't seem to get SASL auth to work - Added by gstrauss almost 6 years ago

I have to tell you that hooking an internet-facing web server up to /etc/shadow is a bad idea.

With the questions you have been asking, I want to be quite clear that you should consider an alternative, such as simple digest authentication.
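
The digest alternative suggested in the reply above, sketched as an added example that is not part of the thread or of lighttpd's own code: it builds and checks lines for an htdigest userfile, and its docstring shows the matching mod_authn_file settings for the same /private/ path and realm. The userfile path, account name and password are constructed placeholders.

```python
"""Added example: build and check entries for a lighttpd htdigest userfile.

Matching lighttpd settings for the thread's /private/ path and realm
(the userfile path is a placeholder, not from the thread):
    server.modules += ( "mod_auth", "mod_authn_file" )
    auth.backend = "htdigest"
    auth.backend.htdigest.userfile = "/etc/lighttpd/private.htdigest"
    auth.require = ( "/private/" =>
      ( "method" => "digest", "realm" => "Private Space", "require" => "valid-user" ) )
"""
import hashlib
import hmac

REALM = "Private Space"  # must equal "realm" in auth.require, byte for byte


def ha1(user: str, realm: str, password: str) -> str:
    """MD5 hex of 'user:realm:password', the value stored in the userfile."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def htdigest_entry(user: str, realm: str, password: str) -> str:
    """Return one userfile line: user:realm:hash. Rejects names that break the format."""
    for name, value in (("user", user), ("realm", realm)):
        if not value or ":" in value or "\n" in value:
            raise ValueError(f"{name} must be non-empty and contain no ':' or newline")
    return f"{user}:{realm}:{ha1(user, realm, password)}"


def check_entry(line: str, user: str, realm: str, password: str) -> bool:
    """True only if `line` is the entry for exactly this user, realm and password."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 3 or parts[0] != user or parts[1] != realm:
        return False
    return hmac.compare_digest(parts[2].lower().encode(), ha1(user, realm, password).encode())


if __name__ == "__main__":
    # Constructed sample account; read real passwords with getpass instead.
    entry = htdigest_entry("alice", REALM, "correct horse battery staple")
    print(entry)
    print(check_entry(entry, "alice", REALM, "correct horse battery staple"))
    print(check_entry(entry, "alice", "private space", "correct horse battery staple"))
```

The stored hash is all that is needed to answer a digest challenge for that realm, so the userfile should be readable only by the account lighttpd runs as.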

RE: Can't seem to get SASL auth to work - Added by def-pri-pub almost 6 years ago

I can understand the concern and security risk of this, but this webserver is for a non-internet-facing application. It's meant to be run inside of a private internal network. I need the user logins for this to be synced with their accounts on a Linux system.
