Nginx module to use PAM for simple http authentication

Sergio Talens-Oliag sto at iti.upv.es
Wed Sep 17 19:41:31 MSD 2008


On Wed, Sep 17, 2008 at 10:21:08PM +0800, lhmwzy wrote:
> How to use it?
> Could you please make an example?

There are examples in the README file included in the tarball:

  To protect everything under `/secure` you will add the following to the
  `nginx.conf` file:

    location /secure {
      auth_pam              "Secure Zone";
      auth_pam_service_name "nginx";
    }

  Note that the module runs as the web server user, so the PAM modules used
  must be able to authenticate the users without being root.

  For example, to authenticate users against an LDAP server (using the
  `pam_ldap.so` module) you will use an `/etc/pam.d/nginx` like the following:

    auth    required  /lib/security/pam_ldap.so
    account required  /lib/security/pam_ldap.so

  If you also want to limit the users from LDAP that can authenticate you can
  use the `pam_listfile.so` module; to limit who can access resources under
  `/restricted` add the following to the `nginx.conf` file:

    location /restricted {
      auth_pam              "Restricted Zone";
      auth_pam_service_name "nginx_restricted";
    }

  Use the following `/etc/pam.d/nginx_restricted` file:

    auth    required  /lib/security/pam_listfile.so onerr=fail item=user \
                      sense=allow file=/etc/nginx/restricted_users
    auth    required  /lib/security/pam_ldap.so
    account required  /lib/security/pam_ldap.so

  And add the users allowed to authenticate to `/etc/nginx/restricted_users`
  (the web server user has to be able to read this file).

I hope this helps,

  Sergio.

-- 
Sergio Talens-Oliag <sto at iti.upv.es>       <http://www.iti.upv.es/>
Key fingerprint = FF77 A16B 9D09 FC7B 6656 CFAD 261D E19A 578A 36F2
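
An added example, not part of the original message or the module's README: a small Python audit of a PAM service file such as the `nginx_restricted` one above. It parses the rules and reports settings that would weaken the `pam_listfile.so` allow list or keep the web server user from reading the list file; the function names, the `uid`/`gids` parameters and the sample text are constructed for illustration.

```python
import os
import stat

# Constructed sample: the nginx_restricted service file as shown in the README text.
SAMPLE = """\
auth    required  /lib/security/pam_listfile.so onerr=fail item=user \\
                  sense=allow file=/etc/nginx/restricted_users
auth    required  /lib/security/pam_ldap.so
account required  /lib/security/pam_ldap.so
"""

def parse_pam(text):
    """Parse rules, joining backslash-continued lines; simple control words only."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            args = dict(a.partition("=")[::2] for a in fields[3:])
            rules.append((fields[0], fields[1], os.path.basename(fields[2]), args))
    return rules

def can_read(st, uid, gids):
    """Mode-bit read check for uid/gids (ignores ACLs and parent directories)."""
    bit = (stat.S_IRUSR if st.st_uid == uid else
           stat.S_IRGRP if st.st_gid in gids else stat.S_IROTH)
    return bool(st.st_mode & bit)

def audit(text, uid, gids, stat_fn=os.stat):
    """Return findings for the pam_listfile allow-list rules in a service file."""
    findings = []
    listfile = [r for r in parse_pam(text) if r[2] == "pam_listfile.so"]
    if not listfile:
        findings.append("no pam_listfile rule: any user the backend accepts gets in")
    for _type, control, _module, args in listfile:
        if control not in ("required", "requisite"):
            findings.append(f"control '{control}' does not make the list mandatory")
        if args.get("item") != "user" or args.get("sense") != "allow":
            findings.append("rule is not a user allow list (item=user sense=allow)")
        if args.get("onerr") == "succeed":
            findings.append("onerr=succeed: a missing or unreadable list passes")
        try:
            st = stat_fn(args.get("file", ""))
        except OSError:
            findings.append(f"list file {args.get('file')!r} is missing or inaccessible")
            continue
        if not can_read(st, uid, gids):
            findings.append("list file is not readable by the web server user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("list file is group- or world-writable")
    return findings
```

Run `audit()` as root (or any account that can stat the list file), passing the uid and group ids of the account the nginx workers run as.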




