0

I've been trying for 2 days now to write a custom PAM script which authenticates under Linux with sys user and pass.

I made examples in C, Python and Perl but I have the same problem with all of them.

When I test the script in my shell everything works well.

I test them with

# ./script;echo $?

And get 0 or 1 back.

But as soon as I try to use it with mod_authz_external and Apache it stops working.

Even with a valid user I get a 1 back and am not able to log in.

It seems that there is a problem with PAM and maybe the Apache environment.

I read somewhere that I have to set the environment variables to use PAM but I have no clue how.

Here are examples in C, Perl and Python:

C: http://pastebin.com/v9Yn9xvK

Perl: http://pastebin.com/cqzqztYg

Python: http://pastebin.com/32cvvCjS

Choose whatever you like, they all work the same... returning the exit code 0 or 1.

Any help or hint would be appreciated.

Thanks!

Nico
  • I ended up changing the source code of pwauth (https://code.google.com/p/pwauth/) to my needs. But I'm still curious why my attempts are not working. I think I will try to compare the pwauth source code with my C solution... – Nico Feb 12 '14 at 23:22

1 Answer

0

If you're authenticating a system user with PAM, then it's going to go through libpam_unix.so. From the manpage of pam_unix:

A helper binary, unix_chkpwd(8), is provided to check the user's password when it is stored in a read protected database. This binary is very simple and will only check the password of the user invoking it.

So if you want to authenticate users from a webserver, you're most likely running as user 'apache' or something like that. All pam_unix can do for you is authenticate user 'apache', which is most likely not what you want. pwauth must somehow bypass this restriction.

jxqz
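A diagnostic for the restriction described in the answer above, as an added example that is not part of the original thread or of pwauth. It models only what the quoted pam_unix manpage text states; the function names, the `/etc/shadow` default path and the sample UIDs are assumptions made for illustration.

```python
import os
import pwd
import sys

SHADOW = "/etc/shadow"  # assumed location of the read-protected database


def shadow_readable(path=SHADOW):
    """True if this process (effective IDs) can open the shadow file."""
    try:
        with open(path, "rb"):
            return True
    except OSError:
        return False


def pam_unix_can_verify(caller_uid, target_uid, can_read_shadow):
    """Predict whether pam_unix can check target's password for this caller.

    Returns (ok, reason). Model of the manpage text: pam_unix reads the hash
    itself when it can; otherwise it runs unix_chkpwd, which only checks the
    password of the invoking user.
    """
    if can_read_shadow:
        return True, "process reads the password database directly"
    if caller_uid == target_uid:
        return True, "unix_chkpwd checks the invoking user's own password"
    return False, "unix_chkpwd refuses: caller is not the user being checked"


def diagnose(target_user):
    """Evaluate the real runtime identity of this process against target_user."""
    caller_uid = os.getuid()
    target_uid = pwd.getpwnam(target_user).pw_uid
    ok, reason = pam_unix_can_verify(caller_uid, target_uid, shadow_readable())
    caller = pwd.getpwuid(caller_uid).pw_name
    status = "OK" if ok else "FAIL"
    return f"caller={caller}({caller_uid}) target={target_user}: {status} - {reason}"


if __name__ == "__main__":
    # Constructed cases: a root shell vs. a web server account (uid 48 is made up).
    print(pam_unix_can_verify(0, 1000, True))
    print(pam_unix_can_verify(48, 1000, False))
    print(pam_unix_can_verify(48, 48, False))
    if len(sys.argv) > 1:
        print(diagnose(sys.argv[1]))
```

Running it once from the test shell and once as the web server account (for example under `sudo -u apache`, with a user name as the argument) shows whether the two environments differ in the way the answer describes.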