Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
After nearly three days sweating on this im now stuck.
I want apache to authenticate access solely via mysql. The new mod-authn-dbd is reputed to be buggy, and the old mod-auth-apache2-mysql is absent in debian etch. So it appears im stuck with pam, which, if no longer maintained, is nearly working.
Oddly, access works when it matchs a /etc/passwd user, which I dont want!. Everything else fails to login, and presents a new login prompt, except where a mysql entry matches, in which case the PAM log (mysql) says:
entry user pid host ts
AUTHENTICATION SUCCESS test 6193 (unknown) 2008-02-28 10:14:24
yet the browser gets:
401 Authorization Required
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.
and var/log/apache/error.log gets
PAM: user 'ee' - invalid account: User not known to the underlying authentication module
and /var/log/auth.log gets
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - SELECT solarbus.spacepersons.password FROM so
larbus.spacepersons WHERE solarbus.spacepersons.username = 'ee'
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_format_string() called
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_quick_escape() called.
Feb 28 11:16:21 solarbus1 last message repeated 8 times
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - INSERT INTO pamlog (entry, user, host, pid, t
s) VALUES ('AUTHENTICATION SUCCESS', 'ee', '(unknown)', '6193', NOW())
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_check_passwd() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_sm_authenticate() returning 0.
Feb 28 11:16:21 solarbus1 apache2: (pam_unix) could not identify user (from getpwnam(ee))
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_release_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_destroy_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_close_db() called.
Looks like pam_mysql is oking it but pam_unix is being authoritative. Dont know enough about pam to know why
Any clues appreciated.
I found out that it only has to match that the username is present as a system user. It does not matter if the password is wrong ,ie
peter, password pop999
peter, password mum999
jane, password dad888
mod-pam will authenticate for:
peter password mum999
but not for:
jane, password dad888
pam-unix is testing to see that an account exists only. Not actually authenticating. I thought by setting the auth control in pam config to 'sufficient', and remove the includes to common-account and common-auth, and setting htaccess to AuthbasicAuthoratiive to off that this shouldnt happen.
Ive also RTFM and its not too inspiring. "mod_pam is no longer maintained , but it mostly works with apache 1.3 and 2.0"
Given that etch is using 2.2 i guess could be part of the problem?