How to get mod_auth_pam running on Apache 2.2.x.

Posted on by

mod_auth_pam is not supported and/or developed any longer and the latest available version works only with apache 2.0.x. The new apache 2.2 uses a new authentication mechanism and the old mod_auth_pam does not work, if you only install it to your local apache and use it with the follow configuration:

  1.  AuthPAM_Enabled On
  2.   AuthPAM_FallThrough Off
  3.   AuthType Basic
  4.   AuthName "Testingarea"

You have to turn off the new apache 2.2 basic authentication to get the module up and running. You can do this in two different ways. The first one is to disable the hole module, the second and better one is to disable it through a directive.

For the first solution, you can use the tool a2dismod to disable the module mod_auth_basic.

For the second way, you have to add this lines to the configuration above.

  2. AuthPAM_Enabled On
  3. AuthPAM_FallThrough Off
  4. AuthBasicAuthoritative Off

In the second way, the error.log of apache shows the following lines:

  1. [Wed Feb 21 20:01:35 2007] [error] Internal error: pcfg_openfile() called with NULL filename
  2. [Wed Feb 21 20:01:35 2007] [error] [client 192.168.0.201] (9)Bad file descriptor: Could not open password file: (null)

The positive message is: you can ignore them ;-) It means, that the mod_auth_pam does not register an AuthBasicProvider and therefore it is null and crashes. Not nice, but it works.

Be Sociable, Share!

8 thoughts on “How to get mod_auth_pam running on Apache 2.2.x.

  1. Thanx, for the detailed information on how to get the PAM plugin to work again and saving me a lot of time figuring out this weird pcfg_openfile() error.

  2. Thanks for the info, you saved me lots of head scratching. Also I found if you add the directive (in addition to your second method):

    AuthUserFile /dev/null

    the error messages are no longer added to the apache log file.

  5. Not working for me. Anyone else experiencing this?

    Fedora 8 – Apache/2.2.6

    AuthPAM_Enabled On
    AuthPAM_FallThrough Off
    AuthBasicAuthoritative Off
    AuthType Basic
    AuthName “Testingarea”
    require group staff

    If I’m missing something please email.

  8. Don’t forget to give apache user (usually nobody or www-data) read perms to /etc/shadow file adding that user to the shadow group:
    usermod -G shadow www-data
    or
    usermod -G shadow nobody

Leave a Reply

Your email address will not be published. Required fields are marked *

*

CAPTCHA-Bild

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>