[OpenAFS] Re: Authentication weirdness
Chris Snyder
csnyder@mvpsoft.com
Sat, 02 Nov 2002 15:21:11 -0500
> Oh, I actually figured out the URL but forgot to include it. Here it is:
> http://www.tu-chemnitz.de/urz/afs/openafs/download/AddOn/mod_auth_pam/
>
> I also built some RPMs:
> http://www-user.tu-chemntiz.de/~tisc/mod_auth_pam-1.0a-3.afs.i386.rpm
> http://www-user.tu-chemntiz.de/~tisc/mod_auth_pam-1.0a-3.afs.src.rpm
>
> This particular mod_auth_pam supports a "PAM_SetCred on" configuration
> directive (inside .htaccess etc.) which allows a request to be processed
> with a token from the requesting user. This is particularly useful for
> database access on insecure servers - the database passwords etc. can be
> stored in a directory where only authorized users can read (and not even
> the webserver authenticated via IP or token).
It still isn't working. I get the following error message in my logs:
[Sat Nov 2 15:00:46 2002] [error] (13)Permission denied: access to
/mvpsoft failed for 64.105.236.211, reason: Authentication service
cannot retrieve authentication info.
Here's my httpd pam file:
#%PAM-1.0
auth required pam_stack.so service=system-auth
#auth required pam_shells.so
#auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
This is basically my login pam file, with a couple of lines commented out.
Also, the PAM_SetCred on command gets rejected by Apache as not being
supported (server error).
Any idea why this still isn't working? Thanks in advance.