Nginx module to use PAM for simple http authentication

Noel Lublovary lists at
Fri Dec 5 02:28:59 MSK 2008

Sergio, you're a hero! Sometimes simple things are the best. Compiling 
your module with nginx 0.7.23 throw me an error, something like 
debuglog3 need 8 parameters instead of 5. I don't care about debug so I 
simply removed those lines in your code and it compiled fine and works 

It's bloody brilliant because it allowed me to setup quickly a 
mysqldb-pam backed auth, for my cpanel & awstats. Long live Sysoev! Long 
live Sergio!

 Talens-Oliag wrote:
> El Wed, Sep 17, 2008 at 10:21:08PM +0800, lhmwzy va escriure:
>> How to use it?
>> Could you please make a example?
> There are examples on the README file included on the tarball:
>   To protect everything under `/secure` you will add the following to 
> the
>   `nginx.conf` file:
>     location /secure {
>       auth_pam              "Secure Zone";
>       auth_pam_service_name "nginx";
>     }
>   Note that the module runs as the web server user, so the PAM modules 
> used
>   must be able to authenticate the users without being root.
>   For example, to authenticate users against an LDAP server (using the
>   `` module) you will use an `/etc/pam.d/nginx` like the 
> following:
>     auth    required  /lib/security/
>     account required  /lib/security/
>   If you also want to limit the users from LDAP that can authenticate 
> you can
>   use the `` module; to limit who can access resources 
> under
>   `/restricted` add the following to the `nginx.conf` file:
>     location /restricted {
>       auth_pam              "Restricted Zone";
>       auth_pam_service_name "nginx_restricted";
>     }
>   Use the following `/etc/pam.d/nginx_restricted` file:
>     auth    required  /lib/security/ onerr=fail item=user 
> \
>                       sense=allow file=/etc/nginx/restricted_users
>     auth    required  /lib/security/
>     account required  /lib/security/
>   And add the users allowed to authenticate to 
> `/etc/nginx/restricted_users`
>   (the web server user has to be able to read this file).
> I hope this helps,
>   Sergio.

Posted via

More information about the nginx mailing list