[OpenAFS] mod_auth_pam: Patch for session and credential support

Berthold Cogel cogel@rrz.uni-koeln.de
Thu, 07 Jul 2005 15:47:19 +0200


I just submitted a patch for mod_auth_pam. 

This patch enables mod_auth_pam to create a PAM session and to use PAM 
credentials for a request. The behavior can be configured per directory 
with the directive AuthPAM_SetCred (on|off, default is off). If on, 
pam_open_session and pam_setcred will be called. This is useful on AFS 
if you need the AFS-Token during the request. In this case the logger 
function is used to destroy the token.
The PAM handle is stored for each request in a memory pool that is 
allocated for this request and automatically removed after the request 
is done and the session has been closed.

The original patch was written for mod_auth-Pam for Apache 1.3 at the TU 
Chemnitz. We modified it for mod_auth_pam for Apache 2.

The patch can be used for the original mod_auth_pam for Apache 2 and for 
the patched version with the PAM servicename as a configuration option 
(which I find very useful, see 
With this you can use different PAM configurations for each virtual 
server or directory.

I'm new to PAM, AFS and Apache programming and my C is rusty, so 
feedback is welcome.

Berthold Cogel