Closed schnitzi99 closed 6 years ago
Yeah. The problem with Travis featuring Apache2.2 might be due to http://httpd.apache.org/docs/current/mod/mod_authn_socache.html states "Compatibility: | Version 2.3 and later"
Works fine in debian stretch amd64 with apache 2.4
Comments. I don't have any programming experience (except playing around some 20 years ago), no experience with github (except git clone ...) and was pretty much muddling through looking at other code examples. So please thoroughly check and correct my adaptions before using / including them. Please address the compatility issue with travis-ci / apache 2.2 as well.
How does the changes work (at least in apache 2.4) Socache seems to be comparing a cached version (needs to be hashed) of the password with the typed-in-password. Therefore we need to store a salted md5 hash of the password in the socache when authorization was successful. In my (lazy) implementation the salt is predefined - I guess a random salt would be better.
What configuration is necessary: Apache-config needs at least the following (upper case is necessary) for it to work: AuthBasicProvider socache PAM AuthnCacheProvideFor PAM
Tested? Yes. I have an apache 2.4 with mod_authnz_pam and a PAM-setup including pam_shield, pam_abl and pam_mysql. This was having problems due to the rate of access/authentification caused by apache2.4. --> With this adaption surfing on my page causes only one access via PAM and after that socache takes over as long as the cache didnt expire. Homepage gets fast.... :)
I've sent my updates to your pull request as https://github.com/schnitzi99/mod_authnz_pam/pull/1.
Refactored, pushed to master as 9236628dbac1c2d99d752731e8391fa1307f2b0c.
Copied from example code of dbd and dbm socache implementations If PAM-Authentification is successful (AUTH_GRANTED), do apache-style salted md5-hash and store it in socache.