[nycbug-talk] Apache 2 mod_auth_pam user 'XXXX' - not authenticated: authentication error

[Jonathan Stewart]

Jonathan wrote:
> I emailed the list about this a while back with the subject "Apache 2
> mod_auth_pam and DAV" without much luck.  I've decided to tackle the
> problem once again and have managed to I /think/ narrow the problem down
> a bit more.
> 
> I'm using mod_auth_imap2 for apache 2 from ports on FreeBSD and have
> checked configurations everywhere I can.  My apache conf has the
> mod_auth_pam module loaded and enabled and I am using "require user
> jonathan" my pam.d httpd file is simply
>> #auth   required pam_permit.so
>> auth       required     pam_unix.so
>> account    required     pam_permit.so
> if I change pam_unix to pam_permit everything works except of course it
> no longer matters what username and password I put in which defeats the
> purpose of all this.  DAV has nothing to do with it unlike I originally
> thought.
[snip unneeded stuff]

I finally found what appears to be the answer :D I don't know how the
heck I missed it before considering how old the message I found is but
anyway just in case it helps someone now or someday.

Apparently using pam_unix through mod_auth_pam requires having a uid of
0 because of a syscall pam_unix uses.  Of course running apache as root
is generally considered a rather poor idea so it looks like a combo of
mod_auth_external2 and pwauth is what I will wind up using.  I also
found mod_authenticache which I will have to look into for things like
DAV and SVN that do a *lot* of requests that require authentication.

Here is the thread I found the answer in...
http://lists.freebsd.org/pipermail/freebsd-questions/2005-May/088561.html

Hope this helps someone,
Jonathan