Using PAM with http auth

Palm TreeI was getting this error on one of my ubuntu linux installation (running apache2 with libapache2-mod-auth-pam installed)
PAM: user ‘username’ – not authenticated: Authentication failure

It took some digging around but I was able to fix it by making one change…
edit /etc/group and add www-data to the shadow group.
There are security implications to this. Beware! It gives the www-data user read access to the shadow password file (which contains password hashes.)

My apache config has these lines in it:

AuthPAM_Enabled on
AuthType Basic
AuthName "Authentication name here"
Require valid-user

Yay! it works. It’s a temporary fix until I get a central LDAP server setup to handle all authentication.