Please Help With mod_auth_external

[eli101]

Hi


I am using mod_auth_external-2.1.16 for password authentication, with an external script, it works fine for password authentication, I world like to start using it also for groups authentication, but I don’t rely see how I could find out which group is in my .htaccess file.

I will explain my self
I am trying to use mod auth for Apache NIS group and password authentication, to require users supply logins and passwords before accessing pages in some directories.
1) I would like to check if the password given is correct for a user
2) I would like to check if the user given is in the group that I entered in the .htaccess file (which my script will check if the user given and the group allowed in .htaccess file match the NIS user group entry)

For password authentication it works fine, look my example below, but for group authentication not, I don’t know how I could find out what groups are in the .htaccess file to be able to match it up with the my NIS groups

I know that mod_auth_external gives you back the user as USER, password as PASS, and group as GROUP, for user and password its simple because this is user entry's but for groups this is something in the .htaccess file, for GROUP variable what to what group is it set, not the group that is in my .htaccess file

------------------------------------------------------
This how I installed it and set it up example of my changes to httpd.conf below
====================================
apxs -c mod_auth_external.c
apxs -i -a mod_auth_external.so
====================================
LoadModule external_auth_module libexec/mod_auth_external.so
AddModule mod_auth_external.c

====================================
#
## This is for Password authentication Program
#
AddExternalAuth test_user /var/apache/cgi-bin/test.pipe
SetExternalAuthMethod test_user pipe
#
AddExternalGroup test_group /var/apache/cgi-bin/test.pipe
SetExternalGroupMethod test_group pipe

====================================
# AllowOverride None
AllowOverride AuthConfig
====================================
This is example of .htaccess file
====================================
AuthType Basic
AuthName "Enter Login"
AuthExternal test_user
require user samh
AuthType Basic
AuthName "Enter group"
#AuthExternal test_group
GroupExternal test_group
require group it
====================================
This is my test.pipe script
====================================
# more /var/apache/cgi-bin/test.pipe
#!/usr/local/bin/perl

# Get the user name
$user= <STDIN>;
chomp $user;
# print STDERR &quot;$user: This is user \n&quot;;

# Get the password name
$pass= <STDIN>;
chomp $pass;
# print STDERR &quot;$pass: This is password \n&quot;;

# Accept the login if the user name and the password matchs
$cmd = &quot;/usr/bin/ypmatch $user passwd&quot;;
$line = `$cmd`;
@words = split /:/,$line;
$un = $words[0];
if(!$un) # username is invalid
{
$error = &quot;User Name or Password is not valid&quot;;
exit 1;
}
else
{
$name = $words[4];
@tmp = split /-/,$name;
$name = $tmp[0];
$dpt = $words[3];
$pwd = $words[1];
if(crypt($pass,$pwd) eq $pwd)
{
print STDERR &quot;$prog: login matches password - Accepted\n&quot;;
exit 0;
}
else
{
print STDERR &quot;$prog: login doesn't match password - Rejected\n&quot;;
exit 1;
}
}
==============================

 

[danielhozac]

Why aren't you using Apache's own modules for authentication? They have support for everything you seem to need.

//Daniel

 

[eli101]

Thanks for the reply

I am using apache which comes with Solaris 8 that’s - version: Apache/1.3.12, I am trying to grant permissions on directories based on my current NIS password and groups, will I be able to do this with apache, if yes what are Apache's own modules and how do I set them up, please give me some examples or where I could find more info on them.

Thanks in advance
Eli

 

[danielhozac]

Oh, you wanted to use NIS authentication. I guess I should've read your post a bit closer.

You seem to be on the right track. But, I have never used the module you are using so I can't help you with that.

//Daniel