D90 Tools & Techniques

"So I can remember how I did stuff in the future…"

• Home
• About

Topics

• Auditing
• General Security
• Linux
• Networking
• Sysadmin Tools
• Uncategorized
• Web Hosting Tools
  • Lighttpd
  • Squid
• Windows

Archives

• November 2010
• October 2010
• February 2010
• January 2010
• December 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• March 2009
• February 2009
• December 2008
• November 2008
• October 2008
• July 2008
• May 2008
• April 2008
• January 2008
• December 2007
• October 2007
• September 2007

Handy References

• (Draft)
• SED One Liners
• Advanced Bash
• Advaned Bash (D90 Archive)
• ASCII Table
• Windows ALT Codes
• XHTML Codes
• CSS Codes
• SQL Reference
• Country / Language Codes
• CISCO IOS Reference

Search

Quick Reference Posts

• Favorite Commands
• Terms & Speeds
• Pre-press & Media
• Security Articles

Handy Services

• Whois
• IP Lookup
• MAC Address Lookup
• DIG
• Internet Traceroute
• MX Record Lookup
• File Transfer Speed
• Mac Address Lookup
• chmod calculator
• Internet Latency
• Akami Internet Visualization
• Unit Convertor
• Reverse Hash Database

Some Favorite Sites

• Schneier on Security
• Krebs on Security
• MalwareInt Blog
• CSO Online
• The Register
• Internet Storm Center
• Chronology of Data Breaches
• SANS Forensics Blog

More Favorite Posts

• Baloney Detector
• Default Passwords
• Data Center Naming
• Whole Building Design Guide

How do I do that again?

• Interpreting TOP
• Yahoo's Website Optimization Rules

Security Resources

• Professional Security Testers
• Open Source Security Test Methodology
• ISO 17799
• NIST Security Assessment Framework
• CERT OCTAVE Assessment Framework
• NSA System Hardening Guidelines
• Microsoft Baseline Security Analyzer, Other Tools, and Frameworks
• WebGoat Web Vulnerability Practice
• OWASP Web Application Vulnerabilities
• CyberCrime.gov Updated list of incidents
• Information Systems Audit Methodology
• Terry Ritter's Guideline for safe PC Banking
• Open Source Forensics

Forensic Resources

• Sleuth Kit

More Security Resources

• Typo Squatting

« Data Security Legal Stuff | Main | Ruby Stuff »

Configuring authnz_external and pwauth

By Matt | November 3, 2008

This is a newer and seems to be more secure way to authenticate in Apache with the Linux user database then mod_pam.

– CentOS 5
– Subversion was already installed by default.
– yum install mod_dav_svn.x86_64 to add in Apache support for it.

Ok, need mod_authnz_external to support unix passwords via Apache 2.2
This is more secure then mod_auth_pam:

wget http://unixpapa.com/software/mod_authnz_external-3.1.0.tar.gz
tar -xvf mod_authnz_external-3.1.0.tar.gz

prereq: yum install httpd-devel.x86_64

cd mod_authnz_external-3.1.0

/usr/sbin/apxs -c mod_authnz_external.c
/usr/sbin/apxs -i -a mod_authnz_external.la

Ok, now need pwauth:
wget http://www.unixpapa.com/software/pwauth-2.3.6.tar.gz
tar -xvf pwauth-2.3.6.tar.gz
cd pwauth-2.3.6

**IMPORTANT**:
vi config.h
— change SERVER_UIDS as appropriate. In this case 48, 500 (apache and ******). These are the users, along with root, allowed to run the program!
make
cp pwauth /usr/local/bin/.

In /etc/httpd/conf.d/ssl.conf under the ****** vhost:
AddExternalAuth pwauth /usr/local/bin/pwauth
SetExternalAuthMethod pwauth pipe

In subversion.conf, or where appropriate:
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
AuthName “Use your ****** credentials”
# AuthzSVNAccessFile /code_repos/access.list
Require valid-user

Topics: Uncategorized | No Comments »

Comments

You must be logged in to post a comment.

D90 Tools & Techniques is proudly powered by WordPress - Designed by RFDN
Entries (RSS) and Comments (RSS)