Gentoo Wiki




With mod_authnz_external you are able to use any kind of authentication method you like, for example a script you wrote, LDAP, PAM or whatever.

This howto is about PAM, because I used mod_auth_pam before but after upgrading apache this module broke and though nothing changed the configuration, I was not able to use this module again. So I searched a replacement and found mod_authnz_external (and had some trouble configuring it).

Why not mod_auth_pam?

There are three reasons why you should not use mod_auth_pam:


Two programs are needed, which are both provided by portage (maybe you have to unmask them):


Instead we create a new file

File: /etc/apache2/vhosts.d/auth.include
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
AddExternalGroup unixgroup /usr/sbin/unixgroup
SetExternalGroupMethod unixgroup environment
File: /etc/apache2/vhosts.d/00_default_vhost.conf
<VirtualHost *:80>
        Include /etc/apache2/vhosts.d/default_vhost.include

        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        Include /etc/apache2/vhosts.d/auth.include

Do not put this include directive into default_vhost.include!

File: .htaccess
        AuthType Basic
        AuthName "This is private"
        AuthBasicProvider external
        AuthExternal pwauth
        GroupExternal unixgroup

Don't forget to append your require/order/...-statements.

Retrieved from ""

Last modified: Mon, 23 Jun 2008 02:49:00 +0000 Hits: 2,096