[Nottingham] Apache and group authentication
Johannes Kling
jok at printk.net
Thu Apr 15 15:26:44 BST 2004
Hello,
I'm having some trouble with mod_auth_pam plugged into apache2
running on a RedHat 9 box.It compiles and loads fine, and even
authenticates users ok. Where it breaks is when trying to convince it
to authenticate groups:
A sample .htaccess file is:
---
Authtype Basic
Authname WebStats
require group site3
---
... which should allow any user in the group "site3" access, according
to the mod_auth_pam docs.
/etc/pam.d/httpd is:
---
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
---
... also as per suggestions in the mod_auth_pam docs.
Apache throws a 500 when you submit credentials to a resource protected
in this way, and logs:
---
[Thu Apr 15 14:59:51 2004] [crit] [client ***.**.***.***] configuration error: couldn't check access. No groups file?: /stats/
---
Needles to say, there is a /etc/group file which is world
readable. I even tried making the gshadow readable for apache, which
made no difference. Authentication fails regardless of wether the
required group is the users group or a suplementatry group.
So far I've been unable to even identify who creates that error
message (it's not mod_auth_pam).
Any insight into why this happens would be greatly appreciated.
Regards,
Johannes Kling
More information about the Nottingham
mailing list