Saifa Saifa | 5 Apr 19:12 2005

mod_auth_pam and apache

Hi

I am trying to allow system users (/etc/shadow) to
access certain directories of apache using PAM.
mod_auth_pam is properly installed. I changed the
group of /etc/shadow  to shadow-users and correctly
entered "Group shadow-users" in httpd.conf. Apache is
starting properly. When I am accessing
http://localhost/restricted, browser is prompting to
enter  login and password, but not accepting any login
or passwd for any user.

httpd/error.log says
[error] [client 127.0.0.1] PAM: user 'saifamsc' - not
authenticated: Authentication failure.

It happens with every user

I changed group of /etc/shadow with the following cmd
chgrp shadow-users /etc/shadow 

The httpd.conf part

<Directory /var/www/html/family>
AuthPAM_Enabled on
AllowOverride None
AuthName "Family Secrets"
AuthType "basic"
require valid-user
</Directory>

Kenneth Porter | 5 Apr 22:22 2005

Re: mod_auth_pam and apache

--On Tuesday, April 05, 2005 6:12 PM +0100 Saifa Saifa 
<saifamsc <at> yahoo.co.in> wrote:

> I changed the
> group of /etc/shadow  to shadow-users and correctly
> entered "Group shadow-users" in httpd.conf.

Permissions of /etc/shadow include the 040 (g+r) bit?

Les Mikesell | 5 Apr 22:46 2005

Re: mod_auth_pam and apache

On Tue, 2005-04-05 at 12:12, Saifa Saifa wrote:

> I am trying to allow system users (/etc/shadow) to
> access certain directories of apache using PAM.
> mod_auth_pam is properly installed. I changed the
> group of /etc/shadow  to shadow-users and correctly
> entered "Group shadow-users" in httpd.conf. Apache is
> starting properly. When I am accessing
> http://localhost/restricted, browser is prompting to
> enter  login and password, but not accepting any login
> or passwd for any user.

> I changed group of /etc/shadow with the following cmd
> chgrp shadow-users /etc/shadow 

Did you also make the file group-readable with:
chmod g+r /etc/shadow
or an equivalent?

-- 
  Les Mikesell
   les <at> futuresource.com

Saifa Saifa | 6 Apr 20:32 2005

Re: mod_auth_pam and apache

Hi
--- Les Mikesell <les <at> futuresource.com> wrote:

> 
> 
> > I changed group of /etc/shadow with the following cmd
> > chgrp shadow-users /etc/shadow 
> 
> Did you also make the file group-readable with:
> chmod g+r /etc/shadow
> or an equivalent?
> 

It worked. Thanks for the suggestion. But it also
required to disable selinux enforcement policy.

Saifamsc
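
The checks suggested in this thread, collected into one diagnostic as an added example (not code from any of the posters). It assumes GNU `stat`; the function names are hypothetical, the world-readable check goes beyond what the thread discusses, and the demo runs on a constructed temporary file rather than the real /etc/shadow.

```shell
#!/bin/sh
# Added example (not from the thread). Uses GNU stat; file and group are
# arguments, so nothing touches the real /etc/shadow unless you pass it.

# shadow_access_status FILE GROUP
# Prints: ok | missing | wrong-group | no-group-read | world-readable
shadow_access_status() {
    file=$1
    want_group=$2
    [ -e "$file" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$file")    # octal permission bits, e.g. 640
    group=$(stat -c '%G' "$file")   # owning group name
    if [ "$group" != "$want_group" ]; then
        echo wrong-group            # the chgrp step has not been done
    elif [ $(( 0$mode & 040 )) -eq 0 ]; then
        echo no-group-read          # chgrp alone: the 040 (g+r) bit is clear
    elif [ $(( 0$mode & 004 )) -ne 0 ]; then
        echo world-readable         # more access than the module needs
    else
        echo ok
    fi
}

# selinux_mode: prints Enforcing/Permissive/Disabled, or "unavailable" when
# getenforce is not installed. The original poster reported that SELinux
# enforcement also blocked the read after the mode was fixed.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unavailable; fi
}

# Constructed demonstration on a temporary file standing in for /etc/shadow.
demo() {
    tmp=$(mktemp)
    grp=$(stat -c '%G' "$tmp")
    chmod 600 "$tmp"; before=$(shadow_access_status "$tmp" "$grp")
    chmod g+r "$tmp"; after=$(shadow_access_status "$tmp" "$grp")
    rm -f "$tmp"
    echo "$before -> $after"
}

demo
echo "SELinux: $(selinux_mode)"
```

On the poster's system the call would be `shadow_access_status /etc/shadow shadow-users`, run as root.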


`VL | 9 Apr 09:20 2005

Which limits work currently (limits.conf) ?

I tried to setup rss memory limit in /etc/security/limits.conf , and
had no success.

Processes seemed to ignore this. I've searched Google and found this thread:

http://lists.debian.org/debian-user/2001/03/msg04280.html

In short, it says that not all of the settings in /etc/security/limits.conf
work with the Linux kernel.

Does anyone know which limits work NOW on the 2.4.29 kernel? Has the
situation changed in 2.6?

Second, question about cpu limit: value must be given in minutes... -
so, what does mean for example value of
2 minutes for user 'john', running bash ? shell will be killed after 2
minutes, being logged? or what ?

Bob Mancker | 14 Apr 08:57 2005

Regarding pppd with pam authentication and pptpd

I am currently working on a vpn server, and I use pptpd with pppd and
am trying to get pam working. I want to set up pam authentication because
I want to limit simultaneous logins per user to 1.
[root@box pam.d]# pptpd --version
Poptop v1.2.1
pppd version 2.4.3

/etc/pam.d/ppp contains:

#%PAM-1.0
#auth       required    pam_login.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
#auth    required  pam_permit.so
#auth    required  pam_warn.so
 --- #comments for testing purposes

/etc/pptpd.conf contains:
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.222.1
remoteip 192.168.222.2-250

/etc/ppp/options.pptpd contains:
[root@rickp4a pam.d]# cat /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap

Josiah Ritchie | 14 Apr 15:18 2005

PAM and Biometrics

Does anyone know of any development towards a BioAPI gateway with PAM?
For that matter, any biometric based interface?

Thanks,
JSR/

ze povinho | 14 Apr 18:29 2005

mkhomedir and deep directories

Hi,
I would like to know how I can make the pam_mkhomedir module create more
than one level of directories, like
"/home/class01/departmant01/user01". At the moment I can make it work
with just one level, like /home/user01. If this is not possible, what
are the alternatives?
thanks.

Martin | 15 Apr 01:05 2005

Re: Which limits work currently (limits.conf) ?

> Second, question about cpu limit: value must be given in minutes... -
> so, what does mean for example value of
> 2 minutes for user 'john', running bash ? shell will be killed after 2
> minutes, being logged? or what ?
It means if any process of theirs reaches more than 2 minutes of
compute time it will be killed automatically.  This is compute time
though, not wall clock time.  (user and sys as recorded by time rather
than real).

HTH

Cheers,
 - Martin

-- 
Martin
inkubus <at> interalpha.co.uk
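
The compute-time versus wall-clock distinction in the reply above, shown as an added example (not code from the thread). It assumes Linux and a shell whose `ulimit` supports `-t` (bash and dash do); `ulimit -t` takes seconds and sets the same kernel limit, RLIMIT_CPU, that the limits.conf `cpu` item sets in minutes. The function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): an idle process outlives its CPU limit
# in wall-clock terms, while a busy one is killed once it has burned it.

# run_with_cpu_limit SECONDS COMMAND [ARGS...]
# Runs COMMAND with RLIMIT_CPU set to SECONDS and prints how it ended.
run_with_cpu_limit() {
    limit=$1; shift
    status=0
    # The limit is applied in a subshell so the calling shell is unaffected.
    ( ulimit -t "$limit"; exec "$@" ) >/dev/null 2>&1 || status=$?
    case $status in
        0)   echo completed ;;
        137) echo killed-SIGKILL ;;   # 128 + 9: hard limit reached
        152) echo killed-SIGXCPU ;;   # 128 + 24: soft limit reached
        *)   echo "exit-$status" ;;
    esac
}

# Two wall-clock seconds of sleeping use almost no CPU time, so a 1-second
# CPU limit never triggers.
echo "sleep 2 (idle): $(run_with_cpu_limit 1 sleep 2)"

# A busy loop accumulates user time and is terminated after about 1 second.
echo "busy loop:      $(run_with_cpu_limit 1 sh -c 'while :; do :; done')"
```

An interactive shell that sits idle at a prompt accumulates CPU time very slowly, so it behaves like the `sleep` case rather than being cut off after two minutes of login time.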
"Seasons change, things come to pass"

Bob Mancker | 15 Apr 08:41 2005

Problems with pptp / freeradius / ppp / pam...

Ok, I have the following files available here:
http://xhost.ath.cx:81/list/
[   ] dictionary              15-Apr-2005 02:07  7.5K  
[   ] dictionary.microsoft    14-Apr-2005 23:07  2.6K  
[   ] options.pptpd           14-Apr-2005 23:07  178   
[   ] radiusd.conf            14-Apr-2005 23:07   56K  
[   ] users                   14-Apr-2005 23:07  6.8K  

I am trying to setup either pam authentication, or just regular plain
text authentication. Ok, let's start with the problems with pam first.
I added a user test via adduser test. Then I changed the password to
testpass. Now let me test it with radtest:
[root@server ppp-2.4.3]# radtest test testpass localhost 1873 testing123
Sending Access-Request of id 239 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "testpass"
        NAS-IP-Address = rickp4a.inscyber.net
        NAS-Port = 1873
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=239, length=20

Ok, cool, now let me try it from my windows xp box and the built in
vpn client.. doesn't work: In radiusd -X I get:
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.

And in /var/log/messages I get: