Nginx with PAM authentication through pam_script
Posted
by
Envek
on Server Fault
See other posts from Server Fault
or by Envek
Published on 2012-09-13T01:40:38Z
Indexed on
2012/09/13
3:41 UTC
Read the original article
Hit count: 536
Have anyone set up such a configuration?
It's not work for me.
So, I've installed nginx-extras on Ubuntu 12.04 (it's built with PAM module), and write to site config:
location ^~ /restricted_place/ {
auth_pam "Please specify login and password from main_site";
auth_pam_service_name "nginx";
}
Afterwards, in /etc/pam.d/nginx
:
auth required pam_script.so dir=/path/to/my/auth_scripts
And wrote simplest /path/to/my/auth_scripts/pam_script_auth
(also I've tried to write complicated scripts)
#!/bin/sh
exit 0 # should allow anyone
Doesn't work. The script is launched (I've wrote full functional script, that successfully executes, check credentials, writes to its own log and returns correct exit code, and executes noticeably long). But no access granted. Only rejected.
In /var/log/nginx/error.log
appears next record:
2012/09/13 10:44:42 [alert] 1666#0: waitpid() failed (10: No child processes)
If I'm specify in /etc/pam.d/nginx
:
auth required pam_unix.so
and grant for www-data user right to read /etc/shadow
, unix authorization works fine. But script auth doesn't work.
Can't understand, where is trouble. In nginx module, or in pam_script module.
© Server Fault or respective owner