Apache2::AuthPAM - Authenticate apache request using PAM services

Apache2-AuthPAM documentation  | view source Contained in the Apache2-AuthPAM distribution.

Index

NAME

Top

Apache2::AuthPAM - Authenticate apache request using PAM services

SYNOPSIS

Top

  # /etc/httpd.conf
  <Directory /var/www/https/secured-area/>
     AuthType Basic
     AuthName "your server account"
     PerlAuthenHandler Apache2::AuthPAM
     PerlSetVar PAMservice check_user
     require valid-user
  </Directory>

The PAMservice value above corresponds to the name of a PAM config file. You can use an existing filename, of create a new one with a custom configuration. For example:

  # /etc/pam.d/check_user
  #%PAM-1.0
  auth        required    /lib/security/pam_pwdb.so nodelay
  account     required    /lib/security/pam_pwdb.so

DESCRIPTION

Top

This perl module is designed to work with mod_perl2 and the Authen::PAM module.

You can select the PAM service setting the perl var PAMservice

  PerlSetVar PAMservice the-pam-service-you-want

You can select different PAM services for different directories or locations in your web server filesystem space.

Apache2::AuthPAM works as follows:

  calls pam_start with the selected service.
  calls pam_authenticate with the browser/apache supplied username and password.
  calls pam_acct_mgmt.
  calls pam_end.

If any of the PAM functions fail, Apache2::AuthPAM logs an info level message and returns AUTH_REQUIRED. If all PAM functions are succesfull, Apache2::AuthPAM logs an info level message and returns OK.

Remember that if you don't use https (SSL) then your username and password is transmitted on the network in plain text with each request. So if you are going to use your system password database, you MUST also use mod_ssl or you accounts will be easily compromised.

BUGS

Top

Apache2::AuthPAM is running as the same user mod_perl is running (on RedHat Linux it is apache). It is running without privileges.

AUTHOR

Top

Tim Bunce http://www.tim.bunce.name based on work by Héctor Daniel Cortés González <hdcg@cie.unam.mx>

CREDITS

Top

Apache2::AuthPAM is a direct adaptation of Héctor Daniel Cortés González's Apache::AuthPAM which was itself a direct adaptation of Demetrios E. Paneras' <dep@media.mit.edu> Apache::AuthenNISplus.

Authen::PAM is written by Nikolay Pelov <nikip@iname.com>. The sample PAM application check_user.c was contribuited by Shane Watts with modifications by AGM.

COPYRIGHT

Top

This apache perl module is Free Software, and can be used under the terms of the GNU General Public License v2.0 or later.

SEE ALSO

Top

perl, mod_perl, mod_ssl, Authen::PAM, Linux-PAM

Apache2-AuthPAM documentation  | view source Contained in the Apache2-AuthPAM distribution.