要通过mod_auth_pam模块来使用本地密码验证,Apache用户需要shadow文件的读权限。修改文件/etc/shadow为550,然后将文件的group改为Apache使用的Group ,最好不要使用默认的组名。
安装过程:
# make # make install mod_auth_pam.so install: cannot stat `samples/httpd': No such file or directory make: *** [install] Error 1
忽略上面的错误提示。
新建 httpd 的 PAM 配置文件 /etc/pam.d/httpd,内容如下:
#%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth
修改 /etc/pam.d/system-auth,将:
account required /lib/security/pam_unix.so session required /lib/security/pam_unix.so
修改为:
account sufficient /lib/security/pam_unix.so session sufficient /lib/security/pam_unix.so
如果 httpd 只需要通过 ldap 认证,将 /etc/pam.d/httpd 设置为:
#%PAM-1.0 auth required /lib/security/pam_ldap.so account required /lib/security/pam_ldap.so password required /lib/security/pam_ldap.so session required /lib/security/pam_ldap.soShare on Twitter Share on Facebook
Comments
There are currently no comments
New Comment