I think it's coming down to the fact that httpd is on a port which is greater
than 1024 and there is something in ypserv.conf about restricting getting
shadow.byname to high port number requests.

snippet from /etc/ypserv.conf

# Not everybody should see the shadow passwords, not secure, since
# under MSDOG everbody is root and can access ports < 1024 !!!
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port

I need to do more research on ypserv.conf...

Matthew Gillen wrote:
> It doesn't seem like this should make a difference, but here's what mine
> looks like:
> $ cat /etc/pam.d/httpd
> #%PAM-1.0
> auth include system-auth
> account include system-auth
> # Comment out the previous account line and uncomment the following line if
> # you wish to allow logins that don't have a system account
> #account required pam_permit.so
>
> Stephen Adler wrote:
>
>> I'm running red hat enterprise linux 4.
>>
>> [root@qmt0 init.d]# cat /etc/pam.d/httpd
>> #%PAM-1.0
>> auth required /lib/security/pam_unix.so
>> account required /lib/security/pam_unix.so
>>
>> it is there....
>>
>> Matthew Gillen wrote:
>>
>>> What distro are you using? Fedora Extras has a mod_auth_pam package that
>>> works out of the box for me with NIS.
>>>
>>> Looking at the file listing for that package, it seems that there is a
>>> file it adds:
>>> /etc/pam.d/httpd
>>>
>>> Do you have that file?
>>>
>>> Matt
>>>
>>> Stephen Adler wrote:
>>>
>>>> I'm trying to get mod_auth_pam working using NIS and I'm having a bit of
>>>> a problem.
>>>> I've downloaded mod_auth_pam, (mod_auth_pam-2.0-1.1.1.tar.gz) and did
>>>> the required
>>>> make; make install.
>>>>
>>>> I added the lines
>>>>
>>>> # loading mod_auth_pam module. SA - Fri Aug 18th, 2006
>>>> LoadModule auth_pam_module modules/mod_auth_pam.so
>>>> LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
>>>>
>>>> to the /etc/httpd/conf/httpd.conf file
>>>>
>>>> and restarted httpd. This worked all ok. I then created a directory
>>>> /usr/local/www/adler
>>>> and put an index.html file there. I also created a file localusers.conf
>>>> with the following text
>>>>
>>>> #
>>>> # Local qmp users web directories
>>>> #
>>>>
>>>> Alias /adler /usr/local/www/adler
>>>> <Directory /usr/local/www/adler>
>>>> AuthType Basic
>>>> AuthName "secure area"
>>>> # require group adler
>>>> require user adler
>>>> </Directory>
>>>>
>>>> and put that in /etc/httpd/conf.d directory
>>>>
>>>> Finally I surfed to http://localhost/adler and the username password
>>>> authorization window pops up. I put in my user name and password and the
>>>> authorization fails. The following text shows up in the
>>>> /var/log/messages file
>>>>
>>>> Aug 18 10:48:50 qmt0 ypserv[19665]: refused connect from 172.17.1.2:34502 to procedure ypproc_match (quantummoleculartech.com,shadow.byname;-1)
>>>> Aug 18 10:48:50 qmt0 httpd(pam_unix)[19463]: authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=adler
>>>>
>>>> So, pam authentication is being enabled, but ypserv is refusing the
>>>> connection. I've removed /var/yp/securenets file and have restarted
>>>> ypserv.
>>>>
>>>> Any ideas?
>>>>
>>>> Cheers. Steve.
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> Discuss at blu.org
>>>> http://olduvai.blu.org/mailman/listinfo/discuss
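
Added example, not part of the thread: a short Python check that re-evaluates the logged ypserv refusal against the two quoted ypserv.conf rules, to show which rule produced it. It assumes the ypserv.conf(5) meaning of the "port" keyword (allow only source ports below 1024), first-match rule order, and glob-style matching of the host, domain and map fields (a simplification); the function names are hypothetical.

```python
import re
from fnmatch import fnmatch

# The two access rules quoted from /etc/ypserv.conf in the thread.
YPSERV_CONF = """\
# Not everybody should see the shadow passwords
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
"""

# The ypserv refusal quoted from /var/log/messages in the thread.
LOG_LINE = ("Aug 18 10:48:50 qmt0 ypserv[19665]: refused connect from "
            "172.17.1.2:34502 to procedure ypproc_match "
            "(quantummoleculartech.com,shadow.byname;-1)")

REFUSED = re.compile(r"ypserv\[\d+\]: refused connect from "
                     r"(?P<host>[\d.]+):(?P<port>\d+) to procedure (?P<proc>\w+) "
                     r"\((?P<domain>[^,]+),(?P<map>[^;]+);")

def parse_rules(text):
    """Return (host, domain, map, security) tuples from access-rule lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4 and fields[3] in ("none", "port", "deny"):
            rules.append(tuple(fields))
    return rules

def decide(rules, host, domain, mapname, src_port):
    """Apply the first matching rule; None means no rule covers the request."""
    for r_host, r_domain, r_map, security in rules:
        if fnmatch(host, r_host) and fnmatch(domain, r_domain) and fnmatch(mapname, r_map):
            if security == "port":
                # Assumed semantics: only privileged source ports are served.
                return "allow" if src_port < 1024 else "refuse"
            return "allow" if security == "none" else "refuse"
    return None

def explain(log_line, conf_text):
    """Re-evaluate a logged refusal against the rules to show which one fired."""
    m = REFUSED.search(log_line)
    if not m:
        return None
    return decide(parse_rules(conf_text), m["host"], m["domain"], m["map"], int(m["port"]))

if __name__ == "__main__":
    print(explain(LOG_LINE, YPSERV_CONF))
```

The logged request came from source port 34502, which an unprivileged process such as httpd running as uid 48 would get, so the "port" rule on shadow.byname refuses it; the same lookup from a source port below 1024 would be allowed under these rules.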