Search:  
Gentoo Wiki

HOWTO_PAM_authentication_with_Apache_2.2_and_mod_authnz_external

Contents

Preface

With mod_authnz_external you are able to use any kind of authentication method you like, for example a script you wrote, LDAP, PAM or whatever.

This howto is about PAM, because I used mod_auth_pam before but after upgrading apache this module broke and though nothing changed the configuration, I was not able to use this module again. So I searched a replacement and found mod_authnz_external (and had some trouble configuring it).

Why not mod_auth_pam?

There are three reasons why you should not use mod_auth_pam:

Installation

Two programs are needed, which are both provided by portage (maybe you have to unmask them):

Configuration

Instead we create a new file

File: /etc/apache2/vhosts.d/auth.include
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
AddExternalGroup unixgroup /usr/sbin/unixgroup
SetExternalGroupMethod unixgroup environment
File: /etc/apache2/vhosts.d/00_default_vhost.conf
<VirtualHost *:80>
        ServerName www.example.com:80
        Include /etc/apache2/vhosts.d/default_vhost.include

        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>
        Include /etc/apache2/vhosts.d/auth.include
</VirtualHost>

Do not put this include directive into default_vhost.include!

File: .htaccess
        AuthType Basic
        AuthName "This is private"
        AuthBasicProvider external
        AuthExternal pwauth
        GroupExternal unixgroup
        ...

Don't forget to append your require/order/...-statements.

Retrieved from "http://www.gentoo-wiki.info/HOWTO_PAM_authentication_with_Apache_2.2_and_mod_authnz_external"

Last modified: Mon, 23 Jun 2008 02:49:00 +0000 Hits: 2,096