[CentOS] Centos 5 pam system-auth changes?

Les Mikesell lesmikesell at gmail.com
Thu Sep 6 18:58:02 UTC 2007


Can someone explain the changes in the system PAM setup for Centos5 vs. 
earlier verions?   I have servers configured to use SMB authentication 
against a Windows domain controller so I don't have to deal with 
separate passwords.  That still works the same for users that actually 
have local accounts.  However, on some machines I also build the 
mod_auth_pam module for apache and use an /etc/pam.d/httpd file like:

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_permit.so

The 'account' line is supposed to let anyone in, even if they don't have 
any local account info so everyone with a domain login/password can 
access the password  protected web pages.

On Centos5, apache authentication with mod_auth_pam still requires a 
local account.  I think this entry in /etc/pam.d/system-auth may be the 
problem:
auth        requisite     pam_succeed_if.so uid >= 500 quiet

Does that mean pam is going to fail if it can't find account info during 
the auth phase?   How can I make apache use all the system-auth ways to 
check a password without necessarily needing a local account?  (If 
someone does have a local account with a local password, I want that to 
work too).

-- 
   Les Mikesell
    lesmikesell at gmail.com




More information about the CentOS mailing list