From owner-freebsd-questions@FreeBSD.ORG Wed Oct 22 19:56:02 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CB893871 for ; Wed, 22 Oct 2014 19:56:02 +0000 (UTC) Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5AA30ADE for ; Wed, 22 Oct 2014 19:56:02 +0000 (UTC) Received: by mail-wi0-f174.google.com with SMTP id r20so2368195wiv.7 for ; Wed, 22 Oct 2014 12:56:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:user-agent:date:message-id:mime-version :content-type:content-transfer-encoding; bh=9yPVi0F9RJrhT6TN1r+CHWzvvkZ7OF02c8ILc020TlI=; b=NhRhLVKfwxTGgdfA2brgchd0LB5sJRpe2YpRpnjgoYswFKhZGlz+o6xAd9vRatYBHx kVgnr4EVGUi+KLi257NB6m6YbmvX+JBlazKe3BvrjuQsJd8zFZ4zaI/gmMP8YdMSyBIL uWHy42EcdomQnAwnrbIQVVvUlidxsehC/dbo4t45HClslRK3UZ2zj39tG2Y1pafRlowC DWszkYWNYSYo9lwb+GUhV7hbl2JHHomdb//f4isGi1R7TSY3LCylHsY8tbEHlfM1gLfh 2qqcOjQsL/+IjJ3obLha4zd1VMffK+0hO1Bi5ObEy76nhRrltnExX6wXk+bJ/IUhI8r5 O/SA== X-Received: by 10.180.74.237 with SMTP id x13mr8312110wiv.6.1414007760571; Wed, 22 Oct 2014 12:56:00 -0700 (PDT) Received: from srvbsdfenssv.interne.associated-bears.org (LCaen-656-01-57-48.w217-128.abo.wanadoo.fr. [217.128.200.48]) by mx.google.com with ESMTPSA id fv2sm218674wib.2.2014.10.22.12.55.59 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Oct 2014 12:56:00 -0700 (PDT) Sender: Eric Masson Received: from srvbsdfenssv.interne.associated-bears.org (localhost [127.0.0.1]) by srvbsdfenssv.interne.associated-bears.org (Postfix) with ESMTP id CC60BCF4CD for ; Wed, 22 Oct 2014 21:55:58 +0200 (CEST) X-Virus-Scanned: amavisd-new at interne.associated-bears.org Received: from srvbsdfenssv.interne.associated-bears.org ([127.0.0.1]) by srvbsdfenssv.interne.associated-bears.org (srvbsdfenssv.interne.associated-bears.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPwuzse8YyWC for ; Wed, 22 Oct 2014 21:55:57 +0200 (CEST) Received: by srvbsdfenssv.interne.associated-bears.org (Postfix, from userid 1001) id 8A1E8CF3BE; Wed, 22 Oct 2014 21:55:57 +0200 (CEST) From: Eric Masson To: Mailing List FreeBSD Questions Subject: NGINX, pam_unix.so & master.passwd User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) X-Operating-System: FreeBSD 9.3-RELEASE-p3 amd64 Date: Wed, 22 Oct 2014 21:55:57 +0200 Message-ID: <86oat36fqq.fsf@srvbsdfenssv.interne.associated-bears.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Oct 2014 19:56:02 -0000 Hi, I've set up NGINX with pam authentication using the following configuration : # # PAM configuration for the "nginx" service # # auth auth required pam_unix.so debug Authentication works fine if user directive in nginx.conf is set to root and fails if set to nobody (default). So, it seems that authentication is handled by worker processes, not delegated to master process. Is there any "clean" (*) way to solve this issue, or should I forget about using pam_unix.so to authenticate users, please ? Éric Masson * : NGINX using a least privileged account, no mess around master.passwd permissions -- C'est pas de la pub, juste un message à caractère informatif. Nous sommes partenaires Gold agréés OLEANE. Ils ne nous en voudront sûrement pas. Les $ ne sont là que pour permettre au message d'arriver en tête de liste -+- VG in: - Pour une poignée de dollars -+-