Nginx with PAM authentication through pam_script

Posted by Envek on Server Fault See other posts from Server Fault or by Envek
Published on 2012-09-13T01:40:38Z Indexed on 2012/09/13 3:41 UTC
Read the original article Hit count: 536

Filed under:
|
|

Have anyone set up such a configuration?

It's not work for me.

So, I've installed nginx-extras on Ubuntu 12.04 (it's built with PAM module), and write to site config:

location ^~ /restricted_place/ {
    auth_pam              "Please specify login and password from main_site";
    auth_pam_service_name "nginx";
}

Afterwards, in /etc/pam.d/nginx:

auth    required    pam_script.so dir=/path/to/my/auth_scripts

And wrote simplest /path/to/my/auth_scripts/pam_script_auth (also I've tried to write complicated scripts)

#!/bin/sh
exit 0 # should allow anyone

Doesn't work. The script is launched (I've wrote full functional script, that successfully executes, check credentials, writes to its own log and returns correct exit code, and executes noticeably long). But no access granted. Only rejected.

In /var/log/nginx/error.log appears next record:

2012/09/13 10:44:42 [alert] 1666#0: waitpid() failed (10: No child processes)

If I'm specify in /etc/pam.d/nginx:

auth    required    pam_unix.so

and grant for www-data user right to read /etc/shadow, unix authorization works fine. But script auth doesn't work.

Can't understand, where is trouble. In nginx module, or in pam_script module.

© Server Fault or respective owner

Related posts about nginx

Related posts about authentication