phpdevshell team mailing list archive
-
phpdevshell team
-
Mailing list archive
-
Message #01163
Re: [Question #214123]: How to configure PAM to authenticate against NIS
Question #214123 on PHPDevShell changed:
https://answers.launchpad.net/phpdevshell/+question/214123
Hiteshbhai posted a new comment:
Greg,
Here is a brief description of entire setup..
Step 1: Install and configure Linux-PAM module..
Underneath we used Linux-PAM module. In short PAM provides
abstraction to the authentication mechanism.
Here is how to install and configure PAM...
http://www.linuxdocs.org/HOWTOs/User-Authentication-
HOWTO/x101.html
You can configure it use local, nis or ldap to authenticate.
Step 2: Install and configure php-pam module to integrate with Linux-PAM.
http://pecl.php.net/package/PAM
Add below php.ini config entries..
pam.servicename=php
extension=/usr/lib64/php/modules/pam.so (Basically, path to your installed pam.so lib)
create /etc/pam.d/php file and add below entries
#%PAM-1.0
auth required pam_unix.so
Step 3: From PHP you can use below method to authenticate..
$error = "";
$checkacctmgmt = false;
$result = pam_auth($username, $password, $error, $checkacctmgmt);
with respect to phpdevshell/PluggableAuth it's very similar to AUTH_ldap.class.php just use above method to authenticate.
Issues:
However, above method works, there are some issues with it.. in some linux versions with respect to NIS the request should go to the NIS server as root user.
With Apache http server the problem is... you can not run apache as root, it runs as apache, which requires some kind of modification at NIS server. Or the machine running apache should be configured as NIS slave server and apache should send request to local NIS slave server.
Also in order to authenticate against local /etc/passwd ,
'apache' should be added to the /etc/shadow 'shadow' group..
--
You received this question notification because you are a member of
PHPDevShell, which is an answer contact for PHPDevShell.