Fedora 18
Sponsored Link

Basic Auth + PAM2013/01/25

 
Configure httpd and set a page that people must authenticate and the authentication is from PAM.
[1] Install mod-auth-external and pwauth.
[root@www ‾]#
yum -y install gcc patch httpd-devel pam-devel
[root@www ~]#
wget https://mod-auth-external.googlecode.com/files/mod_authnz_external-3.3.1.tar.gz

[root@www ~]#
wget https://pwauth.googlecode.com/files/pwauth-2.3.10.tar.gz

[root@www ~]#
tar zxvf mod_authnz_external-3.3.1.tar.gz

[root@www ~]#
cd mod_authnz_external-3.3.1

[root@www mod_authnz_external-3.3.1]#
vi 2.4.patch
From d48e9475153cd2f7f1a36941b5c6bc6d6908c818 Mon Sep 17 00:00:00 2001
From: David Sansome <me@davidsansome.com>
Date: Mon, 26 Mar 2012 17:34:00 +0100
Subject: [PATCH] Apache 2.4 compatibility

---
 mod_authnz_external.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod_authnz_external.c b/mod_authnz_external.c
index 479e57f..dbb5d39 100644
--- a/mod_authnz_external.c
+++ b/mod_authnz_external.c
@@ -443,8 +443,8 @@ static int exec_external(const char *extpath, const char *extmethod,
    if (remote_host != NULL)
        child_env[i++]= apr_pstrcat(p, ENV_HOST"=", remote_host,NULL);

-   if (c->remote_ip)
-       child_env[i++]= apr_pstrcat(p, ENV_IP"=", c->remote_ip, NULL);
+   if (c->client_ip)
+       child_env[i++]= apr_pstrcat(p, ENV_IP"=", c->client_ip, NULL);

    if (r->uri)
        child_env[i++]= apr_pstrcat(p, ENV_URI"=", r->uri, NULL);
-- 
1.7.0.4

[root@www mod_authnz_external-3.3.1]#
patch < 2.4.patch

patching file mod_authnz_external.c
[root@www mod_authnz_external-3.3.1]#
apxs -c mod_authnz_external.c

[root@www mod_authnz_external-3.3.1]#
apxs -i mod_authnz_external.la

[root@www mod_authnz_external-3.3.1]#
[root@www ~]#
tar zxvf pwauth-2.3.10.tar.gz

[root@www ~]#
cd pwauth-2.3.10

[root@www pwauth-2.3.10]#
vi config.h
# line 126: make it comment

/*
#define SHADOW_SUN
# line 134: uncomment

#define PAM
# line 281: change ( httpd's executing ID )

#define SERVER_UIDS
48
  /* user "
apache
" */
[root@www pwauth-2.3.10]#
vi Makefile
# line 10: make it comment

#
LIB= -lcrypt
# line 14: uncomment

LIB=-lpam -ldl
[root@www pwauth-2.3.10]#
make

[root@www pwauth-2.3.10]#
cp pwauth /usr/local/libexec/

[root@www pwauth-2.3.10]#
chmod 4755 /usr/local/libexec/pwauth

[root@www pwauth-2.3.10]#
[root@www ~]#
vi /etc/httpd/conf.modules.d/00-auth.conf
# create new

LoadModule authnz_external_module modules/mod_authnz_external.so
AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe
[root@www ~]#
vi /etc/pam.d/pwauth
# create new

#%PAM-1.0
auth        include       system-auth
account     include       system-auth
session     include       system-auth

[root@www ~]#
vi /etc/httpd/conf.d/auth_pam.conf
# for example, users must authenticate under /var/www/html/test

<Directory /var/www/html/test>
    SSLRequireSSL
    AuthType Basic
    AuthName "PAM Authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    require valid-user
</Directory>

[root@www ~]#
systemctl restart httpd.service
# create a test page

[root@www ~]#
vi /var/www/html/test/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for PAM Auth
</div>
</body>
</html>
  Access to the test page with web browser, then authentication is required as a config. Input a user in local /etc/passwd and authenticate here.
  Just accessed.
Matched Content