
I'm trying to set up HTTP Basic auth with PAM on Apache (running on Ubuntu 10.04).

I have a VirtualHost setup with SSL and the options below for HTTP Basic authentication:

```
AuthBasicAuthoritative off
AuthPAM_Enabled On
AuthType Basic
AuthName "PAM"
require valid-user
```

However, PAM refuses to log me in, despite having the right credentials.

Here's what I have in auth.log:

```
unix_chkpwd[25522]: password check failed for user (test)
apache2: pam_unix(apache2:auth): authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=XX.XX.XX.XX user=test
```

Could this be related to HTTPS sending the encrypted password to Apache, and Apache failing to decrypt it somehow, instead sending it directly to PAM?

Help is greatly appreciated.

Andrei

1 Answer


Most likely you are using file-based name services and apache cannot read /etc/shadow.

Mark Wagner
  • yes indeed, but wouldn't the system be designed to work without giving Apache read permissions to `/etc/shadow`, which is highly insecure? – Andrei May 03 '11 at 18:21
  • Yes, it is insecure to allow apache to read `/etc/shadow`. That's why mod_auth_pam isn't used; rather, mod_auth_external is. – Mark Wagner May 03 '11 at 18:52
  • Thanks, your suggestion to use mod_auth_external turned out fine, although the documentation is pretty confusing. Still, working as expected. Thank you – Andrei May 03 '11 at 23:36
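
The switch discussed in the comments, sketched as an added example (not configuration posted by either participant). It assumes mod_authnz_external, the Apache 2.2 flavour of mod_auth_external, together with the setuid helper `pwauth` installed at `/usr/sbin/pwauth`; the helper path, the `pwauth` label and the `/protected` location are assumptions.

```apache
# Before (from the question): mod_auth_pam runs the PAM stack inside the
# Apache worker itself (uid 33 in the log), which cannot read /etc/shadow.
#   AuthBasicAuthoritative off
#   AuthPAM_Enabled On

# After: declare the external authenticator once, outside any
# <Location>/<Directory> block. "pwauth" is a label chosen for this
# example; the helper path is an assumption.
AddExternalAuth pwauth /usr/sbin/pwauth

# "pipe" hands the user name and password to the helper on stdin
# rather than in environment variables.
SetExternalAuthMethod pwauth pipe

# /protected is a placeholder path inside the SSL VirtualHost.
<Location /protected>
    AuthType Basic
    AuthName "PAM"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
</Location>
```

With this layout the password check happens in the separate helper process, so the Apache user needs no read access to `/etc/shadow`. Run `apache2ctl configtest` after enabling the module to confirm the directives are recognised.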