Nginx module to use PAM for simple http authentication
Sergio Talens-Oliag
sto at iti.upv.es
Wed Sep 17 19:41:31 MSD 2008
El Wed, Sep 17, 2008 at 10:21:08PM +0800, lhmwzy va escriure:
> How to use it?
> Could you please make a example?
There are examples on the README file included on the tarball:
To protect everything under `/secure` you will add the following to the
`nginx.conf` file:
location /secure {
auth_pam "Secure Zone";
auth_pam_service_name "nginx";
}
Note that the module runs as the web server user, so the PAM modules used
must be able to authenticate the users without being root.
For example, to authenticate users against an LDAP server (using the
`pam_ldap.so` module) you will use an `/etc/pam.d/nginx` like the following:
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
If you also want to limit the users from LDAP that can authenticate you can
use the `pam_listfile.so` module; to limit who can access resources under
`/restricted` add the following to the `nginx.conf` file:
location /restricted {
auth_pam "Restricted Zone";
auth_pam_service_name "nginx_restricted";
}
Use the following `/etc/pam.d/nginx_restricted` file:
auth required /lib/security/pam_listfile.so onerr=fail item=user \
sense=allow file=/etc/nginx/restricted_users
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
And add the users allowed to authenticate to `/etc/nginx/restricted_users`
(the web server user has to be able to read this file).
I hope this helps,
Sergio.
--
Sergio Talens-Oliag <sto at iti.upv.es> <http://www.iti.upv.es/>
Key fingerprint = FF77 A16B 9D09 FC7B 6656 CFAD 261D E19A 578A 36F2
More information about the nginx
mailing list