Can someone explain the changes in the system PAM setup for Centos5 vs.
earlier verions? I have servers configured to use SMB authentication
against a Windows domain controller so I don't have to deal with
separate passwords. That still works the same for users that actually
have local accounts. However, on some machines I also build the
mod_auth_pam module for apache and use an /etc/pam.d/httpd file like:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_permit.so
The 'account' line is supposed to let anyone in, even if they don't
have
any local account info so everyone with a domain login/password can
access the password protected web pages.
On Centos5, apache authentication with mod_auth_pam still requires a
local account. I think this entry in /etc/pam.d/system-auth may be the
problem:
auth requisite pam_succeed_if.so uid >= 500 quiet
Does that mean pam is going to fail if it can't find account info during
the auth phase? How can I make apache use all the system-auth ways to
check a password without necessarily needing a local account? (If
someone does have a local account with a local password, I want that to
work too).
--
Les Mikesell
lesmikesell at gmail.com
