, the blog

Some geek stuff, some not so geek stuff.


Using PAM with http auth

Palm TreeI was getting this error on one of my ubuntu linux installation (running apache2 with libapache2-mod-auth-pam installed)
PAM: user ‘username’ – not authenticated: Authentication failure

It took some digging around but I was able to fix it by making one change…
edit /etc/group and add www-data to the shadow group.
There are security implications to this. Beware! It gives the www-data user read access to the shadow password file (which contains password hashes.)

My apache config has these lines in it:

AuthPAM_Enabled on
AuthType Basic
AuthName "Authentication name here"
Require valid-user

Yay! it works. It’s a temporary fix until I get a central LDAP server setup to handle all authentication.