Total de visualizações de página

segunda-feira, 18 de abril de 2016

Basic Auth + PAM


Basic Auth + PAM
2014/09/08
 
Limit accesses on specific web pages and use OS users for authentication with SSL connection.
[1]
[2]Download the latest mod-auth-external and pwauth from the site below.
  ⇒ https://code.google.com/p/mod-auth-external/
  ⇒ https://code.google.com/p/pwauth/
For example, set Basic Auth under the [/var/www/html/auth-pam] directory.
[root@www ~]# 
yum -y install httpd-devel pam-devel gcc make
[root@www ~]# 
curl -L -O https://mod-auth-external.googlecode.com/files/mod_authnz_external-3.3.2.tar.gz 

[root@www ~]# 
curl -L -O https://pwauth.googlecode.com/files/pwauth-2.3.11.tar.gz
[root@www ~]# 
tar zxvf mod_authnz_external-3.3.2.tar.gz 

[root@www ~]# 
cd mod_authnz_external-3.3.2 

[root@www mod_authnz_external-3.3.2]# 
apxs -c mod_authnz_external.c 

[root@www mod_authnz_external-3.3.2]# 
apxs -i mod_authnz_external.la 

[root@www mod_authnz_external-3.3.2]# 
cd 

[root@www ~]# 
tar zxvf pwauth-2.3.11.tar.gz 

[root@www ~]# 
cd pwauth-2.3.11 

[root@www pwauth-2.3.11]# 
vi config.h
# line 126: comment out

/*
 #define SHADOW_SUN
# line 134: uncomment

#define PAM
# line 282: change to the httpd's ID )

#define SERVER_UIDS 
48
   /* user "
apache
" on the author's system */
[root@www pwauth-2.3.11]# 
vi Makefile
# line 10: comment out

#
LIB= -lcrypt
# line 14: uncomment

LIB=-lpam -ldl
[root@www pwauth-2.3.11]# 
make 

[root@www pwauth-2.3.11]# 
cp pwauth /usr/local/libexec/ 

[root@www pwauth-2.3.11]# 
chmod 4755 /usr/local/libexec/pwauth 

[root@www pwauth-2.3.11]# 
cd 

[root@www ~]# 
vi /etc/pam.d/pwauth
# create new

#%PAM-1.0
auth        include       system-auth
account     include       system-auth
session     include       system-auth

[root@www ~]# 
vi /etc/httpd/conf.d/auth_pam.conf
# create new

LoadModule authnz_external_module modules/mod_authnz_external.so
AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe

<Directory /var/www/html/auth-pam>
    SSLRequireSSL
    AuthType Basic
    AuthName "PAM Authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    require valid-user
</Directory>

# create a test page

[root@www ~]# 
mkdir /var/www/html/auth-pam 

[root@www ~]# 
vi /var/www/html/auth-pam/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for PAM Auth
</div>
</body>
</html>

[root@www ~]# 
systemctl restart httpd
[3]Access to the test page with a Web browser on Client and authenticate with a user which is on OS.
[4]Just accessed.

Nenhum comentário:

Postar um comentário