OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: mod_auth_pam patch
From: lance (lancedefinitesoftware.com)
Date: Wed Dec 06 2000 - 06:58:10 CST

I have modified mod_auth_pam to allow for per directory configuration of
the pam authentication to use, either in a .htaccess file or in the
httpd.conf file.

This is done by using a new PAM_Service directive to specify which config
in /etc/pam.d to use - the default being httpd.

We use this where part of our website is only accessible to people who are
either dialled in and authenticated via radius or are in a list of
upgraded users. PAM is the easiest way to achieve this, because of the dynamic
nature of the authentication yet other parts of the website are accessible
to all users, but they need to authenticate against PAM.

I feel that this will be of immense benefit to people who want to use
mod_auth_pam in an environment where different authentication mechanisms
are to be used by different websites or parts of websites - like we do.

I enclose a diff file to patch mod_auth_pam version 1.0a for your
consideration. One point to note is the restriction of servicename to 40
characters, and another is the possible security implication of the
strncpy - both of which are beyond my limited knowledge of Linux C programming and for
which I defer to your greater knowledge and experience.

Lance Davis
uklinux.net

  • TEXT/PLAIN attachment: stored

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list