[TriLUG] PAM question(s)
David McDowell
turnpike420 at gmail.com
Thu Nov 2 14:08:02 EST 2006
Is this what you want?
http://www.turnpike420.net/linux/Apache_ADS_AuthLDAP.txt
David
On 11/2/06, Paul G. Szabady <Paul at thyservice.com> wrote:
> Greetings,
>
> Is it at all possible to authenticate users via http/.htaccess using their
> Windows AD (native mode) domain accounts without a local user account? I
> have made the following changes and it works fine if there's a local user
> account. I'm trying to stay away from winbind and don't control our AD
> forest, so I'm not sure we can get ldap extensions in the AD.
>
> If this is not possible with the means I've mentioned, can anyone suggest
> any alternatives they've used or seen in use?
>
> This would mainly be on RHEL3 & RHEL4 boxes, although I have two sun
> servers that I need to do something with as well.
>
> In the /etc/httpd/conf/httpd.conf file I added:
> AuthPAM_FallThrough on
> AuthPAM_Enabled on
>
> In the /etc/pam.d/ config files I changed httpd and system-auth to:
>
> [root@server pam.d]# cat httpd
> #%PAM-1.0
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_krb5.so
> auth required /lib/security/$ISA/pam_deny.so
> account required /lib/security/$ISA/pam_krb5.so
> [root@server pam.d]#
>
> [root@server pam.d]# cat system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_krb5.so ccache=/tmp/krb5cc_%u
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> [root@server pam.d]#
>
> Any help would be appreciated!
>
> --
> Paul
> @ Thy Service
>
>
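Added example, not part of either message in this thread: a simplified Python model of how PAM walks the control flags in the two stacks quoted above, showing that a successful pam_krb5 ends the auth stack early and that pam_deny only acts as the backstop. The helper names parse and run_stack are hypothetical, and the per-module outcomes passed to run_stack are assumptions supplied by the caller, not results from a real system.

```python
TYPES = {"auth", "account", "password", "session"}

# Constructed input: the httpd stack and the auth part of system-auth from
# the quoted message, with the mail wrap after pam_krb5.so left in place.
HTTPD = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_krb5.so
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_krb5.so
"""
SYSTEM_AUTH = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_krb5.so
ccache=/tmp/krb5cc_%u
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
"""

def parse(text):
    """Return [(type, control, module, args)], rejoining wrapped lines."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] in TYPES and len(f) >= 3:
            name = f[2].rsplit("/", 1)[-1].split(".so")[0]
            rules.append((f[0], f[1], name, f[3:]))
        elif rules:  # stray line: treat as arguments of the previous rule
            rules[-1][3].extend(f)
    return rules

def run_stack(rules, mtype, outcome):
    """Evaluate one management group; outcome maps module name -> bool.
    Simplified model of required/requisite/sufficient/optional."""
    passed = failed = False
    for t, control, name, _ in rules:
        if t != mtype:
            continue
        ok = outcome[name]
        passed = passed or ok
        if control == "requisite" and not ok:
            return False  # fail immediately
        if control == "required" and not ok:
            failed = True  # keep going, but the stack will fail
        if control == "sufficient" and ok and not failed:
            return True  # short-circuit: later modules never run
    return passed and not failed
```

For example, run_stack(parse(HTTPD), "auth", {"pam_env": True, "pam_krb5": True, "pam_deny": False}) returns True, and flipping pam_krb5 to False makes it fall through to pam_deny and return False.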