Apache 2 and HTTP Authentication with PAM

There are two ways (at least that I know of) to get Apache 2 to use PAM for HTTP auth:

  • Old mod_auth_pam, which I believe is not developed anymore and also poses some security risks
  • Newer mod_authnz_external and pwauth

This little write-up shows how to get Apache and PAM going on Ubuntu using mod_authnz_external.
To get started, let’s install some packages:

sudo apt-get install libapache2-mod-authnz-external pwauth
sudo apt-get install libapache2-mod-authz-unixgroup
sudo a2enmod authnz_external authz_unixgroup

Edit the config file for the Virtual Host where you’d like PAM-based HTTP authentication, so that it contains the following clause:


<IfModule mod_authnz_external.c>
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
</IfModule>

And the final bit of configuration goes into your Directory definition inside the vhost block:

<Directory /var/www/yourlocation>
AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider external
AuthExternal pwauth
Require user john

# some other configuration statements
</Directory>

This will allow user john to access the resource.

Now if you also want PAM authentication by user group, you’ll need to take a few extra steps. The missing piece of the puzzle is the ‘unixgroup’ script, and for some reason it is not in Ubuntu’s pwauth package, where it ought to be. You will need to grab it from the pwauth source tarball, copy it to /usr/sbin/unixgroup and make it executable. Here is a quick snippet to do that:


wget "http://pwauth.googlecode.com/files/pwauth-2.3.9.tar.gz"
tar xzvf ./pwauth-2.3.9.tar.gz
sudo cp pwauth-2.3.9/unixgroup /usr/sbin/
sudo chmod a+x /usr/sbin/unixgroup

Once that’s done, you’ll need to add a few more lines to your Virtual Host config, so it will look something like this:

<IfModule mod_authnz_external.c>
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
AddExternalGroup unixgroup /usr/sbin/unixgroup
SetExternalGroupMethod unixgroup environment

</IfModule>

<Directory /var/www/yourlocation>
AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider external
AuthExternal pwauth
GroupExternal unixgroup
Require user john

# some other configuration statements
</Directory>
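
When the setup misbehaves, it helps to call the helpers outside Apache through the same two interfaces configured above: "pipe" (user name and password on stdin) and "environment" (USER and GROUP variables). The script below is an added example, not part of the original post; `pipe_auth`, `env_group`, `smoke_test` and the two stand-in helpers are hypothetical names, and it assumes mod_authnz_external's documented convention that exit status 0 means accept.

```shell
#!/bin/sh
# Added example: drive external helpers the way mod_authnz_external does.

# "pipe" method: user name on stdin line 1, password on line 2; exit 0 = accept.
pipe_auth() {            # usage: pipe_auth HELPER USER PASSWORD
    printf '%s\n%s\n' "$2" "$3" | "$1" >/dev/null 2>&1
}

# "environment" method for group checkers: USER and GROUP (space-separated
# list) are set in the helper's environment; exit 0 = user is in a listed group.
env_group() {            # usage: env_group HELPER USER "GROUP1 GROUP2"
    USER="$2" GROUP="$3" "$1" >/dev/null 2>&1
}

# Constructed stand-ins so the script runs anywhere; they are NOT the real
# pwauth/unixgroup and only mimic their calling conventions.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/fake_pwauth" <<'EOF'
#!/bin/sh
IFS= read -r user; IFS= read -r pass
[ "$user" = "john" ] && [ "$pass" = "constructed-secret" ]
EOF
cat > "$DEMO_DIR/fake_unixgroup" <<'EOF'
#!/bin/sh
[ "$USER" = "john" ] || exit 1
for g in $GROUP; do [ "$g" = "staff" ] && exit 0; done
exit 1
EOF
chmod +x "$DEMO_DIR/fake_pwauth" "$DEMO_DIR/fake_unixgroup"

# Report both helpers' exit codes for one account, e.g. "auth=0 group=0".
smoke_test() {   # usage: smoke_test AUTH_HELPER GROUP_HELPER USER PASS GROUP_LIST
    a=0; pipe_auth "$1" "$3" "$4" || a=$?
    g=0; env_group "$2" "$3" "$5" || g=$?
    echo "auth=$a group=$g"
}

smoke_test "$DEMO_DIR/fake_pwauth" "$DEMO_DIR/fake_unixgroup" \
    john constructed-secret "wheel staff"
```

On a real host, pass /usr/sbin/pwauth and /usr/sbin/unixgroup with a throwaway test account, and run the script as the web server user, since pwauth only answers to the UIDs it was built for.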

Hopefully this is helpful to someone besides myself :) Let me know if you got stuck somewhere along the way.

34 thoughts on “Apache 2 and HTTP Authentication with PAM”

  4. Hi, thx very much for that tutorial. I am using it on my linux machine. Since then I am very happy for not having two password stores.

    But this PAM module is damn slow when loading directory listing compared to htpasswd-files…any solution/improvements?

    • Hi there,

      To be honest I haven’t really encountered any dramatic slowdown compared to straight up htpasswd file, but I didn’t use this solution on any heavy load systems either. I remember seeing another approach to this using perl module of a sort, but I can’t remember now what it was called.

  5. Thank you, good explanation. I used yours for my raspberry server and owncloud.

    But don’t forget to have NSCD running

    Name Service Cache Daemon service

    This caches the authentications on the server (server-side). Otherwise, pam auth is rather slow (especially when navigating through folder indexes) because un-passwd check is performed for each access (done in background by your browser/client-side).

  7. Hello,

    The group version does not work for me.

    I have the following error message in apache2’s error.log:
    AH01664: No group file was specified in the configuration

    Have you some ideas ?

    Thanks

  8. Hi,

    thanks for this HowTo. It saved my day after a complete server crash and rebuild. Prior to this rebuild we have used Apache 2.2 and the old config did not work with 2.4. An updated version with PAM also did not work. Now everything is back on track. We use it for authentication to our SVN repositories.

  9. Hello there,

    I installed the version for one user, everything is fine. Is there a way to authenticate all Linux server users? So I have some sites where everyone of the company can access and some where only some users can access (some users is already explained :) )

    Thank you very much :)
