Mod Auth External is an external module for Apache that will pass authentication over to another program. This page is
dedicated to that "other program". NuOnce Networks, Inc. did not write mod_auth_external, nor do we provide support for it. We
do provide support for our custom application!
What does it do?
This application was written to provide a way for BlueQuartz installs to authenticate against the PAM database.
But What about mod_auth_pam?
Good question. When I tried to use it, I had to chmod +r my shadow.db or make Apache a part of a group that had access to it. The
downside would be that any PHP on the system runs as Apache, and would have access to this file. I did NOT like that, so I
chose to use "mod_auth_external" instead.
Security!!!!!
This script offers the following security enhancements:
- Only Apache can run this script!
- Only Apache can view this script!
- It fails authentication when user names are longer than 50 characters
- It fails authentication when passwords are longer than 50 characters
- No users under 'X' (500 on BQ) can authenticate! Root & System users won't!
- Usernames & Passwords are piped to the program! It won't expose usernames/passwords in environment variables!
- Uses Perl_Auth_Pam to authenticate against PAM Database.
- Group Authentication!!!
- After 3 failed attempts, the IP is automatically locked out for 1 hour. You can look in /tmp/mae_logs to see who is locked out
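The checks in the list above, sketched in Python as an added example (this is not the NuOnce script): the 50-character limits, the UID floor and the per-IP lockout, fed by mod_auth_external's pipe method with the client address taken from the IP environment variable that mod_auth_external sets. The PAM check is passed in as a hypothetical `verify` callback, lockout state is held in a dict rather than under /tmp/mae_logs, and all function names are assumptions.

```python
import pwd
import time

MAX_LEN = 50        # page: names/passwords longer than 50 characters fail
MIN_UID = 500       # page: the 'X' floor, 500 on BlueQuartz
MAX_FAILS = 3       # page: lockout after 3 failed attempts
LOCK_SECS = 3600    # page: lockout lasts 1 hour


def system_uid(user):
    """UID from the passwd database, or None for an unknown account."""
    try:
        return pwd.getpwnam(user).pw_uid
    except KeyError:
        return None


def precheck(user, password, uid_of=system_uid):
    """Cheap rejections made before the password is ever checked."""
    if not user or not password:
        return False
    if len(user) > MAX_LEN or len(password) > MAX_LEN:
        return False
    uid = uid_of(user)
    return uid is not None and uid >= MIN_UID


def authenticate(user, password, ip, state, verify, uid_of=system_uid, now=None):
    """state maps ip -> (failure count, locked-until timestamp)."""
    now = time.time() if now is None else now
    count, locked_until = state.get(ip, (0, 0.0))
    if now < locked_until:
        return False                  # locked out: credentials are not tried
    if count >= MAX_FAILS:
        count = 0                     # lock expired, start counting again
    if precheck(user, password, uid_of) and verify(user, password):
        state.pop(ip, None)           # success clears the failure history
        return True
    count += 1
    state[ip] = (count, now + LOCK_SECS if count >= MAX_FAILS else 0.0)
    return False


def run(stdin, env, state, verify, uid_of=system_uid, now=None):
    """Pipe method: user and password arrive one per line on stdin; exit 0 accepts."""
    user = stdin.readline().rstrip("\r\n")
    password = stdin.readline().rstrip("\r\n")
    ok = authenticate(user, password, env.get("IP", "unknown"), state, verify, uid_of, now)
    return 0 if ok else 1
```

A helper that Apache starts once per request would have to persist `state` between runs, which is the role the page gives to /tmp/mae_logs.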
Here are three basic examples to show you how to make it work:
Basic configuration for any users:
AuthAuthoritative On
AuthType Basic
AuthName Your_Eyes_only
AuthExternal pwauth
require valid-user
Only allow 1 specific user to authenticate:
AuthAuthoritative On
AuthType Basic
AuthName Your_Eyes_only
AuthExternal pwauth
require user USERNAME_HERE
Allow group authentication:
AuthAuthoritative On
AuthType Basic
AuthName Your_Eyes_only
AuthExternal pwauth
GroupExternal unixgroup
require group site1
If you run BlueQuartz w/ CentOS, this is how you install it:
wget http://www.nuonce.net/bq/BQ-5102R-AuthExternal-2.1.pkg
/usr/sausalito/sbin/pkg_prepare.pl -i -R -f BQ-5102R-AuthExternal-2.1.pkg
Release 2.1 - Feb 7th 2006
Fixed Password Problem
For more information & source code to mod_auth_external please visit:
http://www.unixpapa.com/mod_auth_external