← Back to team overview

phpdevshell team mailing list archive

Re: [Question #214123]: How to configure PAM to authenticate against NIS

 

Question #214123 on PHPDevShell changed:
https://answers.launchpad.net/phpdevshell/+question/214123

Hiteshbhai posted a new comment:
Greg,
  Here is a brief description of entire setup..

Step 1:  Install and configure Linux-PAM module..

   Underneath we used Linux-PAM module.  In short PAM provides
abstraction to the authentication mechanism.

    Here is how to install and configure PAM...

      http://www.linuxdocs.org/HOWTOs/User-Authentication-
HOWTO/x101.html

      You can configure it use local, nis or ldap to authenticate.


Step 2: Install and configure php-pam module to integrate with Linux-PAM.
       
           http://pecl.php.net/package/PAM

           Add below php.ini config entries..
            
            pam.servicename=php
            extension=/usr/lib64/php/modules/pam.so  (Basically, path to your installed pam.so lib)

            create /etc/pam.d/php file and add below entries
               #%PAM-1.0
               auth    required   pam_unix.so


Step 3: From PHP  you can use below method to authenticate..
      
        $error = "";
        $checkacctmgmt = false;
       
       $result = pam_auth($username, $password, $error, $checkacctmgmt);
          
     with respect to phpdevshell/PluggableAuth it's very similar to AUTH_ldap.class.php just use above method to authenticate.

  Issues:
       However, above method works,  there are some issues with it..  in some linux versions with respect to NIS the request should go to the NIS server as root user. 
     With Apache http server the problem is... you can not run apache as root, it runs as apache, which requires some kind of modification at NIS server.  Or the machine running apache should be configured as NIS slave server and apache should send request to local NIS slave server.

      Also in order to authenticate against local /etc/passwd  ,
'apache' should be added to the /etc/shadow  'shadow' group..

-- 
You received this question notification because you are a member of
PHPDevShell, which is an answer contact for PHPDevShell.