misc/firestuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
firestuff/2006-02-26-why-isnt-mod_auth_pam-working-with-nis.html
Ian Gulliver a3dfa24549 Switch to ISO dates
2019-04-25 02:45:09 +00:00

21 lines
1.3 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!--# set var="title" value="Why isnt mod_auth_pam working with NIS?" -->
<!--# set var="date" value="2006-02-26" -->
<!--# include file="include/top.html" -->
<p>If youre trying to authenticate against NIS from Apache using mod_auth_pam, you have a problem. All (sane) Apache configurations run as a non-privileged user. All (sane) NIS servers deny requests to shadow.byname originating from ports &lt; 1024. If you check your NIS server logs, youll find request authentication errors.</p>
<p>If the server youre running Apache on has no untrusted user processes (no shells, no Apache CGI uploading, etc.), you can disable port security for just that host on your NIS server. This isnt much of a security risk; you better be within the same network if you were relying on port security anyway, so host-based security is just as good (it still sucks). Just before the uncommented lines in your /etc/ypserv.conf on your NIS master, add:</p>
<pre><code>&lt;client IP address&gt;:*:shadow.byname:none
</code></pre>
<p>Then restart ypserv et all. In Debian:</p>
<pre><code>/etc/init.d/nis restart
</code></pre>
<p>If your client machine does have untrusted users, there isnt a nice solution, as far as I know.</p>
<!--# include file="include/bottom.html" -->
Reference in New Issue View Git Blame Copy Permalink