From owner-freebsd-questions Wed Jul 3 5: 5:33 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0E7B37B400 for ; Wed, 3 Jul 2002 05:05:24 -0700 (PDT) Received: from gate21.fw.porsche.de (gate23.fw.porsche.de [193.174.9.99]) by mx1.FreeBSD.org (Postfix) with SMTP id 6C13443E58 for ; Wed, 3 Jul 2002 05:04:32 -0700 (PDT) (envelope-from perisa@porsche.de) Received: (qmail 18095 invoked from network); 3 Jul 2002 12:02:04 -0000 Received: from unknown (HELO wuxin011.ibd.porsche.de) (141.36.65.1) by 193.197.149.150 with SMTP; 3 Jul 2002 12:02:04 -0000 Received: (qmail 13584 invoked from network); 3 Jul 2002 11:57:31 -0000 Received: from wuxws007.ibd.porsche.de (HELO porsche.de) (141.36.2.178) by smtp4cli.ibd.porsche.de with SMTP; 3 Jul 2002 11:57:30 -0000 Message-ID: <3D22E716.9040001@porsche.de> Date: Wed, 03 Jul 2002 13:59:18 +0200 From: Marc Perisa User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc3) Gecko/20020523 X-Accept-Language: en, de-de, es-es MIME-Version: 1.0 To: Barry Byrne Cc: "local.freebsd.questions" , "'freebsd-questions@freebsd.org'" Subject: Re: Apache 1.3.22 References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG And you have another problem: Apache 1.3.22 is vulnerable. Read: http://www.cert.org/advisories/CA-2002-17.html Please update as soon as possible. There is already one known worm out there. Marc Barry Byrne wrote: >>-----Original Message----- >>From: owner-freebsd-questions@FreeBSD.ORG >> >> > > > >>I recently added mod_auth_pam from ports to an existing >>Apache installation because I wanted simple password >>file authentication and there's no port of mod_auth_system. >> >> > > > > >>The docs in /usr/local/share/doc/mod_auth_pam say that >>a file will have been added to /etc/pam.d by the install; >>however that directory does not exist. >> >> > >FreeBSD doesn't use /etc/pam.d as some systems do, instead, there >is a single file called /etc/pam.conf > >You need to add lines in the format: > > httpd account required pam_unix.so > > > >>Attempting to access a protected file gets this: >> >>Jul 2 15:20:39 speyburn httpd: unable to dlopen(/usr/lib/pam_unix.so) >>Jul 2 15:20:39 speyburn httpd: unable to dlopen(/usr/lib/pam_unix.so) >>Jul 2 15:20:39 speyburn httpd: [dlerror: /usr/lib/pam_unix.so: >>Undefined symbol "pam_get_item"] >>Jul 2 15:20:39 speyburn httpd: [dlerror: /usr/lib/pam_unix.so: >>Undefined symbol "pam_get_item"] >>Jul 2 15:20:39 speyburn httpd: adding faulty module: >>/usr/lib/pam_unix.so >>Jul 2 15:20:39 speyburn httpd: adding faulty module: >>/usr/lib/pam_unix.so >> >> > > >You probably will have two futher issues here. >Firstly, unless apache is compiled with the PAM libraries, it >will fail to load them. The simplest solution is to use LD_PRELOAD >when starting apache. > >In your apache startup file, try something like: > > LD_PRELOAD="/usr/lib/libpam.so.1" > export LD_PRELOAD > /usr/local/apache/bin/apachectl start > >You may also have another problem: > >pam_unix.so requires root privileges - apache typically runs as 'nobody', >so you won't be able to use this particular PAM module unless you run >apache as root (don't do this). You should be able to use most other PAM >modules just fine though. > > - Barry > > > > > >>To Unsubscribe: send mail to majordomo@FreeBSD.org >>with "unsubscribe freebsd-questions" in the body of the message >> >> >> > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message