mod_auth_pam Configuration

Configuring PAM

If you went with the DSO installation above, a default httpd configuration file for mod_auth_pam will have been created for you in /etc/pam.d/httpd. It should work out of the box, if you kept a standard PAM installation (if you never looked at that directory before, thats probably the case). If you modified you PAM configuration before, apply the same changes to the httpd service configuration.

Further information:

Apache configuration

Apache will automatically start using mod_auth_pam once you compiled it in. You use the normal directives to configure mod_auth_pam. An example .htaccess (also included as samples/dot-htaccess in the distribution) might look like
	AuthType Basic
	AuthName "secure area"
	require group staff
	require user webmaster
which would result in the protected directory being accessible only by members of the "staff" group and by the user "webmaster". For more information, see AuthType, AuthName and require.
Configuration Directives

Because a server might contain several authentication modules, mod_auth_pam includes directives to improve interaction with other authentication modules.

AuthPAM_Enabled
Syntax: AuthPAM_Enabled on or off
Default: AuthPAM_Enabled on
Context: directory, .htaccess

This directive turns mod_auth_pam on or off. If turned off, the server will behave as if mod_auth_pam is not there.

AuthPAM_FallThrough
Syntax: AuthPAM_FallThrough on or off
Default: AuthPAM_FallThrough off
Context: directory, .htaccess

Access policy if a username is not found. This directive is usefull if multiple authentication modules are used. In case a given username is not found by mod_auth_pam, normal behaviour is to directly return an error to the user, thus bypassing other authentication modules. Switching AuthPAM_Fallthrough on will make Apache ask other authentication modules if mod_auth_pam can't find the user.


Copyright © 2000 by Ingo Lütkebohle