Archive for November 2007
This post demonstrates how to authenticate Apache 2.2 web users against a Windows NT or Windows 2000 Domain using the PAM module pam_smb instead of Perl. This is also useful if, for example, you want to use the Linux /etc/group file to control access or you do not want to enable Perl in your Apache installation.
These instructions are for Apache 2.2. Authentication is configured slightly differently in Apache 2.2 and requires a few extra lines in httpd.conf which are not needed in Apache 2.0.
You will need:
- Apache 2.2 httpd.apache.org/docs/2.2/
- pam_smb www.csn.ul.ie/~airlied/pam_smb/
- mod_auth_pam pam.sourceforge.net/mod_auth_pam/
Tested using Gentoo Linux: http://www.gentoo.org/
Configure and install pam_smb
Note that pam_smb has a daemon which must be running in order for authentication to occur. pam_smb has one configuration file, /etc/pam_smb.conf, which contains two lines:
<<DOMAINNAME>>
<<IPOFDOMAINCONTROLLER>>
To run the pam_smb daemon and ensure it starts at bootup use:
rc-update add pamsmbd default
/etc/init.d/pamsmbd start
Configure mod_auth_pam
Create the file /etc/pam.d/apache2:
#%PAM-1.0
auth required pam_smb_auth.so debug
account include system-auth
session include system-auth
Configure Apache Virtual Hosts
Inside httpd.conf or similar (such as /etc/apache2/vhosts.d/00_default_vhost.conf):
<Location "/myprotecteddirectory">
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthType Basic
AuthName "MyApacheWeb"
Require group webuser
</Location>
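Because the Location block above uses AuthType Basic, the browser sends the domain username and password base64-encoded, not encrypted, with every request. The following check is an added example, not part of the original post: it lists Location blocks that enable mod_auth_pam with Basic auth but do not carry mod_ssl's SSLRequireSSL directive. The function names and the "/secure" location are hypothetical, and the sample configuration is constructed.

```shell
# Added example (not from the original post): list <Location> blocks that
# enable mod_auth_pam with Basic auth but lack mod_ssl's SSLRequireSSL.
# Prints each offending path; returns 1 if any were found, 0 otherwise.
check_pam_basic_tls() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        { line = tolower($0) }                   # directive names are case-insensitive
        line ~ /^[ \t]*<location[ \t]/ {
            inblock = 1; pam = 0; basic = 0; ssl = 0
            path = $2; gsub(/[">]/, "", path)    # strip quotes and closing bracket
            next
        }
        inblock && line ~ /^[ \t]*authpam_enabled[ \t]+on/ { pam = 1 }
        inblock && line ~ /^[ \t]*authtype[ \t]+basic/     { basic = 1 }
        inblock && line ~ /^[ \t]*sslrequiressl/           { ssl = 1 }
        inblock && line ~ /^[ \t]*<\/location>/ {
            if (pam && basic && !ssl) { print path; bad = 1 }
            inblock = 0
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the block from this post, followed by a hypothetical
# "/secure" location that adds SSLRequireSSL.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Location "/myprotecteddirectory">
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthType Basic
AuthName "MyApacheWeb"
Require group webuser
</Location>
<Location "/secure">
SSLRequireSSL
AuthPAM_Enabled on
AuthType Basic
Require group webuser
</Location>
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_pam_basic_tls "$sample" || echo "locations above accept Basic auth without requiring SSL" >&2
rm -f "$sample"
```

SSLRequireSSL only takes effect when mod_ssl is loaded and the location is reachable through an SSL-enabled virtual host.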