02-27-2008, 05:13 PM   #1
webwiznz
Apache2 htaccess via PAM Mysql (etch)


After nearly three days sweating on this I'm now stuck.

I want Apache to authenticate access solely via MySQL. The new mod-authn-dbd is reputed to be buggy, and the old mod-auth-apache2-mysql is absent in Debian Etch. So it appears I'm stuck with PAM, which, if no longer maintained, is nearly working.

Oddly, access works when it matches a /etc/passwd user, which I don't want! Everything else fails to login, and presents a new login prompt, except where a MySQL entry matches, in which case the PAM log (mysql) says:

entry user pid host ts
AUTHENTICATION SUCCESS test 6193 (unknown) 2008-02-28 10:14:24

yet the browser gets:

401 Authorization Required

This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.

and var/log/apache/error.log gets

PAM: user 'ee' - invalid account: User not known to the underlying authentication module


and /var/log/auth.log gets

Feb 28 11:16:21 solarbus1 apache2: pam_mysql - SELECT solarbus.spacepersons.password FROM solarbus.spacepersons WHERE solarbus.spacepersons.username = 'ee'
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_format_string() called
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_quick_escape() called.
Feb 28 11:16:21 solarbus1 last message repeated 8 times
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - INSERT INTO pamlog (entry, user, host, pid, ts) VALUES ('AUTHENTICATION SUCCESS', 'ee', '(unknown)', '6193', NOW())
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_check_passwd() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_sm_authenticate() returning 0.
Feb 28 11:16:21 solarbus1 apache2: (pam_unix) could not identify user (from getpwnam(ee))
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_release_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_destroy_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_close_db() called.


Looks like pam_mysql is OKing it but pam_unix is being authoritative. Don't know enough about PAM to know why.
Any clues appreciated.

Peter

Here's my /etc/pam.d/apache2

auth require pam_mysql.so verbose=1 user=peter passwd=xxxxx host=127.0.0.1 db=solarbus table=solarbus.spacepersons usercolumn=solarbus.spacepersons.username passwdcolumn=solarbus.spacepersons.password crypt=0 sqllog=true logtable=pamlog logmsgcolumn=entry logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=ts

and /var/www/.htaccess

AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthType Basic
AuthName "Intranet"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
require valid-user
 
02-28-2008, 01:51 PM   #2
webwiznz
I found out that it only has to match that the username is present as a system user. It does not matter if the password is wrong, i.e.

system users:
peter, password pop999

mysql users:
peter, password mum999
jane, password dad888

mod-pam will authenticate for:
peter password mum999

but not for:
jane, password dad888

pam-unix is testing to see that an account exists only. Not actually authenticating. I thought by setting the auth control in the PAM config to 'sufficient', and removing the includes to common-account and common-auth, and setting htaccess AuthBasicAuthoritative to off that this shouldn't happen.

I've also RTFM and it's not too inspiring. "mod_pam is no longer maintained , but it mostly works with apache 1.3 and 2.0"

Given that Etch is using 2.2 I guess that could be part of the problem?

P.
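
Editor's added example, not part of either post: Linux-PAM takes any management group that a service file leaves empty from /etc/pam.d/other, so a file with only an `auth` line still gets an `account` stack from somewhere else. The sketch below reports where each group resolves from; the apache2 line is shortened from the post, and the `OTHER` text is a constructed stand-in for a fallback file that ends up at pam_unix.

```python
# Added example: show which PAM management groups a service file defines
# and which ones libpam would take from the "other" service instead.
GROUPS = ("auth", "account", "password", "session")

# The thread's /etc/pam.d/apache2 with options shortened (constructed sample).
APACHE2 = """\
auth require pam_mysql.so verbose=1 user=peter db=solarbus crypt=0
"""

# Constructed stand-in for /etc/pam.d/other with its includes flattened.
OTHER = """\
# fallback service
auth     required pam_unix.so nullok_secure
account  required pam_unix.so
password required pam_unix.so
session  required pam_unix.so
"""

def parse(text):
    """Return {group: [(control, module), ...]} for one pam.d file.
    Simple controls only; bracketed [value=action] controls are not handled."""
    stack = {g: [] for g in GROUPS}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("@include"):
            continue
        fields = line.split()
        group = fields[0].lstrip("-")            # "-auth" means optional module
        if group in stack and len(fields) >= 3:
            stack[group].append((fields[1], fields[2]))
    return stack

def effective(service_text, other_text):
    """Per group: (source, entries); empty groups fall back to 'other'."""
    svc, oth = parse(service_text), parse(other_text)
    return {g: ("service", svc[g]) if svc[g] else ("other", oth[g])
            for g in GROUPS}

def modules_for(service_text, other_text, group):
    """Module names that would run for one management group."""
    return [m for _, m in effective(service_text, other_text)[group][1]]

if __name__ == "__main__":
    for g, (src, entries) in effective(APACHE2, OTHER).items():
        print(f"{g:9} from {src:8} {entries}")
```

With the posted file, `auth` resolves to pam_mysql.so while `account` resolves to pam_unix.so from the fallback, which matches the `getpwnam` failure in auth.log. Giving the service file its own `account` line makes that group resolve from the service file instead.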
 
  



Tags
apache2, debian, etch, mysql, pam

