Project

General

Profile

[Solved] Pam auth module - howto

Added by sudarski 7 months ago

Hello,

I'm trying to configure lighttp with PAM auth using the mod_authn_pam and would really appretate some instructions (like the ones for LDAP, file etc) Are they available? Could you point me to them?

Thank you very much, in advance.


Replies (4)

RE: Pam auth module - howto - Added by gstrauss 6 months ago

What have you tried? You will not find instructions how to configure PAM here, just how to configure lighttpd to use PAM.

There are no required options for lighttpd mod_authn_pam directive auth.backend.pam.opts. The default service name used by lighttpd is "http" (so your PAM config should have PAM config in a file named something like /etc/pam.d/http) You can specify a different PAM service name with auth.backend.pam.opts = ("service" => "my-PAM-service-name")

RE: Pam auth module - howto - Added by sudarski 6 months ago

Hello gstrauss,

Thank you very much for the feedback.

Unfortunately, I already tried the exact configuration that you suggested and I'm still having issues authenticating using this module. (I did not know how to change the service name, maybe I can try to configure a different service name in PAM, but I doubt that will help me.)

Here is a snippet from my conf file: ====
...
server.modules += ("mod_authn_pam")
auth.backend = "pam"
auth.require = ( "/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "valid-user"
)
)
... ====
And here is my PAM service config (/etc/pam.d/http), it is very simple: ====
/etc/pam.d/http ====

And this is what I get in my lighttp error log: ====
...
2019-02-09 12:14:15: (mod_authn_pam.c.160) pam: Authentication failure
2019-02-09 12:14:15: (mod_auth.c.517) password doesn't match for / username: user2, IP: 10.255.0.6
.... ====

I will try a couple of more configuration modification, maybe that will help. Possibly I should play around with adding /etc/shadow to the group that lighttpd user belong to, or something.

Thank you very much for your help!

RE: Pam auth module - howto - Added by gstrauss 6 months ago

Repeating what was posted above:

You will not find instructions how to configure PAM here, just how to configure lighttpd to use PAM.

RE: Pam auth module - howto - Added by sudarski 6 months ago

Hello gstrauss,

Yes. I'm aware of it. Thank you very much for your help. I know now that my lighttpd side conf is OK.

When I make it work I'll share my findings here. It might be useful to someone else.

Thanks!

    (1-4/4)