0

I'm trying to set up HTTP Basic auth with PAM on Apache (running on Ubuntu 10.04).

I have a VirtualHost setup with SSL and the options below for HTTP Basic authentication:

AuthBasicAuthoritative off AuthPAM_Enabled On AuthType Basic AuthName "PAM" require valid-user

However, PAM refuses to log me in, despite having the right credentials.

Here's what I have in auth.log:

unix_chkpwd[25522]: password check failed for user (test) apache2: pam_unix(apache2:auth): authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=XX.XX.XX.XX user=test

Could this be related to HTTPS sending the encrypted password to Apache, and Apache failing to decrypt it somehow, instead sending it directly to PAM?

Help is greatly appreciated.

Improve this question

1 Answer 1

Reset to default
0

Most likely you are using file-based name services and apache cannot read /etc/shadow.

Improve this answer
3
  • yes indeed, but wouldn't the system be designed to work without giving Apache read permissions to /etc/shadow, which is highly insecure? Commented May 3, 2011 at 18:21
  • Yes, it is insecure to allow apache to read /etc/shadow. That's why mod_auth_pam isn't used; rather, mod_auth_external is. Commented May 3, 2011 at 18:52
  • Thanks, your suggestion to use mod_auth_external turned out fine, although the documentation is pretty confusing. Still, working as expected. Thank you Commented May 3, 2011 at 23:36

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.