What am I missing in PAM configuration for Redhat Apache?
I am trying to have PAM use the hosting system's "passwd" and "shadow" files to authenticate a user who is using the web application.
I am using RedHat 6, Apache 2.2, and the mod_authnz_pam module for Apache.
PAM in apache (httpd.conf) is configured as such:
<Location />
    AuthType Basic
    AuthName "basic_auth"
    AuthBasicProvider PAM
    AuthPAMService httpd
    Require valid-user
</Location>
I created a file named httpd in /etc/pam.d with the following configuration
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
SELinux is on; getenforce returned Enforcing.
I also ran the following:
setsebool -P allow_httpd_mod_auth_pam 1
So I get prompted for user credentials when I try to visit the IP address. But when I enter my system credentials I get the following logs:
unix_chkpwd[29856]: check pass; user unknown
unix_chkpwd[29856]: password check failed for user (username)
localhost httpd: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost=xxx.xx.xx.x user=username
My user name definitely exists in the passwd and shadow files, but somehow PAM is saying it doesn't exist.
What else am I missing?
apache-httpd pam
I'm no expert in apache/httpd nor pam, but I do know many inter-process problems with apache stem from SELinux. Can you give us the output of 'getenforce' to see if it might be related?
– 0xSheepdog
Dec 18 '17 at 20:31
By "RedHat 6", you mean "Red Hat Enterprise Linux 6", right?
– mattdm
Dec 18 '17 at 20:33
@mattdm to the rescue. :)
– 0xSheepdog
Dec 18 '17 at 20:37
@0xSheepdog I turned off SELinux so I assumed there shouldn't have been any security context issues. But for sanity's check I will enable it, restart, then use the setbool command
– ShamanOfTheFrontier
Dec 18 '17 at 20:52
Yes, please do. Setting SELinux to permissive mode is great for testing. Not for final state. Good luck! Humor but serious > stopdisablingselinux.com
– 0xSheepdog
Dec 18 '17 at 20:58
edited Dec 18 '17 at 22:34
ShamanOfTheFrontier
asked Dec 18 '17 at 20:29
ShamanOfTheFrontier
1 Answer
Set up /etc/pam.d/httpd like this, or similar.
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
The idea is you're having the pam stack look at the other files instead for trying to attempt to verify the login. system-auth is typically called by many other pam services such as login, su, and sudo.
answered Dec 19 '17 at 1:38
Sokel
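To compare the question's service file with the one in the answer, this added example (not code from the answer or from Linux-PAM) expands `include`/`substack` lines and lists the modules each stack actually runs. The `system-auth` content is a constructed sample, and the names `FILES`, `parse`, `effective_stack` and `modules` are assumptions made for illustration.

```python
# Constructed inputs; the system-auth sample is an assumption, not from the page.
FILES = {
    "httpd-question": """auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
""",
    "httpd-answer": """#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
""",
    "system-auth": """auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_unix.so
password sufficient pam_unix.so sha512 shadow
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet
session required pam_unix.so
""",
}

def parse(text):
    """Yield (type, control, module, args) for each rule in a service file."""
    for raw in text.replace("\\\n", " ").splitlines():   # join continuations
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        ptype, rest = line.split(None, 1)
        if rest.startswith("["):                # e.g. [success=1 default=ignore]
            end = rest.index("]") + 1
            control, rest = rest[:end], rest[end:]
        else:
            control, rest = (rest.split(None, 1) + [""])[:2]
        module, *args = rest.split()
        yield ptype.lstrip("-"), control, module, args

def effective_stack(service, files, only_type=None, seen=()):
    """Expand include/substack into the rules that actually run, in order."""
    if service in seen:
        raise ValueError("include loop via " + service)
    rules = []
    for ptype, control, module, _args in parse(files[service]):
        if only_type and ptype != only_type:
            continue                            # include pulls one type only
        if control in ("include", "substack"):
            rules += effective_stack(module, files, ptype, seen + (service,))
        else:
            rules.append((ptype, control, module, service))
    return rules

def modules(service, files, ptype):
    return [m for t, _c, m, _s in effective_stack(service, files) if t == ptype]

if __name__ == "__main__":
    for svc in ("httpd-question", "httpd-answer"):
        print(svc, modules(svc, FILES, "auth"))
```

With this sample, both versions still reach pam_unix.so for auth; the answer's file takes its options and the surrounding modules from the shared system-auth instead of a bare line. On a real host, load the files from /etc/pam.d into the dictionary in place of the constructed strings.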