Monthly Archives: décembre 2009

pam.d sucks on Debian

After several hours of googleing and testing I finaly succeded in authenticating squid3 and apache2 with local users (from /etc/passwd)

For squid you have to use the file /etc/pam.d/squid

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

Grand rights on pam_auth

chmod u+s /usr/lib/squid3/pam_auth

Warning, depending on Debian version or OS version (32/64) pam_unix.so may not have the same location, sometimes it is in /lib/i386-linux-gnu/security/pam_unix.so.

For apache2 edit the file /etc/pam.d/apache2

#  @include common-auth
#  @include common-account
auth    requisite       pam_unix.so     shadow
account requisite       pam_unix.so

Then make a symbolik link of httpd on apache2

ln -s httpd apache2

Add read rights on /etc/shadow file or allow apache2 service user (www-data) to read the shadow file

adduser www-data shadow

Now it works !