[OpenAFS] Re: Authentication weirdness

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Fri, 1 Nov 2002 07:36:30 +0100


On Wed, Oct 30, 2002 at 02:00:02PM -0500, Chris Snyder wrote:

> > Is there any reason that the modified mod_auth_pam available at
> > /afs/tu-chemnitz.de/openafs/AddOn/mod_auth_pam/ 
> > does not work for you?

> What versions of Apache will this work with? I'm running 1.3.27 (latest 
> 1.x series).

It's designed for 1.x (and it's pretty old but It Works For Me(tm)).

> Also, I haven't configured my machines to have access to the global
> AFS filespace. Is there any other place I can download this? Thanks in
> advance.

Oh, I actually figured out the URL but forgot to include it. Here it is:
http://www.tu-chemnitz.de/urz/afs/openafs/download/AddOn/mod_auth_pam/

I also built some RPMs:
http://www-user.tu-chemntiz.de/~tisc/mod_auth_pam-1.0a-3.afs.i386.rpm
http://www-user.tu-chemntiz.de/~tisc/mod_auth_pam-1.0a-3.afs.src.rpm

This particular mod_auth_pam supports a "PAM_SetCred on" configuration
directive (inside .htaccess etc.) which allows a request to be processed
with a token from the requesting user. This is particularly useful for
database access on insecure servers - the database passwords etc. can be
stored in a directory where only authorized users can read (and not even
the webserver authenticated via IP or token).

Bye, Tino.

-- 
             * LINUX - Where do you want to be tomorrow? *
                  http://www.tu-chemnitz.de/linux/tag/