
   [[1]Index] [[2]Installation] [[3]Configuration] [[4]Frequently Asked
   Questions]

                         mod_auth_pam Configuration

Configuring PAM

   If  you  went  with  the  DSO  installation  above,  a  default  httpd
   configuration  file for mod_auth_pam will have been created for you in
   /etc/pam.d/httpd.  It  should  work  out  of  the  box,  if you kept a
   standard  PAM  installation  (if  you  never  looked at that directory
   before,   thats   probably   the   case).  If  you  modified  you  PAM
   configuration  before,  apply  the  same  changes to the httpd service
   configuration.

   Further information:
     * The   [5]Linux-PAM  System  Administrators'  Guide  describes  the
       service configuration files
     * The   [6]Frequently   Asked   Questions   list   describes  a  few
       pecularities  that  only  happen  with  specific  pam-modules (for
       example, pam_smb)

Apache configuration

   Apache  will  automatically start using mod_auth_pam once you compiled
   it  in.  You  use  the normal directives to configure mod_auth_pam. An
   example  .htaccess  (also  included  as  samples/dot-htaccess  in  the
   distribution) might look like
        AuthType Basic
        AuthName "secure area"
        require group staff
        require user webmaster

   which would result in the protected directory being accessible only by
   members  of  the  "staff"  group and by the user "webmaster". For more
   information, see [7]AuthType, [8]AuthName and [9]require.

      Configuration Directives

   Because   a  server  might  contain  several  authentication  modules,
   mod_auth_pam  includes  directives  to  improve interaction with other
   authentication modules.

   AuthPAM_Enabled
          Syntax: AuthPAM_Enabled on or off
          Default: AuthPAM_Enabled on
          Context: directory, .htaccess
          This directive turns mod_auth_pam on or off. If turned off, the
          server will behave as if mod_auth_pam is not there.

   AuthPAM_FallThrough
          Syntax: AuthPAM_FallThrough on or off
          Default: AuthPAM_FallThrough off
          Context: directory, .htaccess
          Access  policy  if  a  username is not found. This directive is
          usefull  if multiple authentication modules are used. In case a
          given  username  is not found by mod_auth_pam, normal behaviour
          is  to  directly  return  an  error to the user, thus bypassing
          other  authentication modules. Switching AuthPAM_Fallthrough on
          will   make   Apache   ask   other  authentication  modules  if
          mod_auth_pam can't find the user.

References

   1. http://pam.sourceforge.net/mod_auth_pam/
   2. http://pam.sourceforge.net/mod_auth_pam/install.html
   3. http://pam.sourceforge.net/mod_auth_pam/configure.html
   4. http://pam.sourceforge.net/mod_auth_pam/faq.html
   5. http://www.de.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html
   6. http://pam.sourceforge.net/mod_auth_pam/faq.html
   7. http://www.apache.org/docs/mod/core.html#authtype
   8. http://www.apache.org/docs/mod/core.html#authname
   9. http://www.apache.org/docs/mod/core.html#require
