Nginx module to use PAM for simple http authentication

Noel Lublovary lists at ruby-forum.com
Fri Dec 5 02:28:59 MSK 2008 

Sergio, you're a hero! Sometimes simple things are the best. Compiling 
your module with nginx 0.7.23 throw me an error, something like 
debuglog3 need 8 parameters instead of 5. I don't care about debug so I 
simply removed those lines in your code and it compiled fine and works 
perfectly.

It's bloody brilliant because it allowed me to setup quickly a 
mysqldb-pam backed auth, for my cpanel & awstats. Long live Sysoev! Long 
live Sergio!


 Talens-Oliag wrote:
> El Wed, Sep 17, 2008 at 10:21:08PM +0800, lhmwzy va escriure:
>> How to use it?
>> Could you please make a example?
> 
> There are examples on the README file included on the tarball:
> 
>   To protect everything under `/secure` you will add the following to 
> the
>   `nginx.conf` file:
> 
>     location /secure {
>       auth_pam              "Secure Zone";
>       auth_pam_service_name "nginx";
>     }
> 
>   Note that the module runs as the web server user, so the PAM modules 
> used
>   must be able to authenticate the users without being root.
> 
>   For example, to authenticate users against an LDAP server (using the
>   `pam_ldap.so` module) you will use an `/etc/pam.d/nginx` like the 
> following:
> 
>     auth    required  /lib/security/pam_ldap.so
>     account required  /lib/security/pam_ldap.so
> 
>   If you also want to limit the users from LDAP that can authenticate 
> you can
>   use the `pam_listfile.so` module; to limit who can access resources 
> under
>   `/restricted` add the following to the `nginx.conf` file:
> 
>     location /restricted {
>       auth_pam              "Restricted Zone";
>       auth_pam_service_name "nginx_restricted";
>     }
> 
>   Use the following `/etc/pam.d/nginx_restricted` file:
> 
>     auth    required  /lib/security/pam_listfile.so onerr=fail item=user 
> \
>                       sense=allow file=/etc/nginx/restricted_users
>     auth    required  /lib/security/pam_ldap.so
>     account required  /lib/security/pam_ldap.so
> 
>   And add the users allowed to authenticate to 
> `/etc/nginx/restricted_users`
>   (the web server user has to be able to read this file).
> 
> I hope this helps,
> 
>   Sergio.

-- 
Posted via http://www.ruby-forum.com/.

More information about the nginx mailing list