mod_auth_aix 1.4 review

Download

"Loadable Authentication Modules" are AIX's way to extend the identification and authentication functions of the operating system

License:	GPL (GNU General Public License)
File size:	17K
Developer:	Markus Zahn

"Loadable Authentication Modules" are AIX's way to extend the identification and authentication functions of the operating system. They are - up to a certain degree - the AIX equivalent of PAM and NSS mechanisms known by many other systems.

mod_auth_aix is an Apache module that allows the Apache web server to use AIX Loadable Authentication Modules as it's source of basic authentication. It has originally been inspired by Paul Henson's excellent mod_auth_dce, which seems to work perfectly on every platform but AIX.

Although mod_auth_dce is more powerful than mod_auth_aix, the latter already meets my current demands. Due to it's generic approach, mod_auth_aix should work with any AIX Loadable Authentication Module, not just (but of course including) the DCE module.

Building and installing mod_auth_aix:

mod_auth_aix comes with a configure script, so just run

./configure [--with-apxs=/path/to/apxs] [--with-kafs-syscall]
make
make install

If Apache should be able to serve requests with the DCE credentials of the authenticated user (i.e. have access to DFS during requests), you'll have to compile mod_auth_aix with kafs_syscall support.

Setting up Apache:

Add "LoadModule auth_aix_module libexec/mod_auth_aix.so" to your httpd.conf.

Then, add appropriate directives to your httpd.conf and/or .htaccess files. Configuration examples can be found in the examples subdirectory. Currently, all configuration directives work in a per directory context.

AuthAIX

When this directive is 'on', AIX authentication is performed within the directory specified. The default is 'off'. You'll also need valid AuthType, AuthName, and require directives in the directory container. The only supported AuthType is 'Basic'. You can supply any AIX user and group (known by the AIX Loadable Authentication Module specified) to the Apache require directive.

AuthAIXAuthoritative

mod_auth_aix will either approve or deny a request, when this directive is 'on'. The default is 'off'. When the directive is 'off' and a request is not approved (i.e. an authentication failure occurs), mod_auth_aix will decline to handle the request and allow other lower level modules to attempt authentication.

AuthAIXMethod

With this directive, you can specify, which AIX Loadable Authentication Module to use for authentication. The default is 'SYSTEM', which uses the module specified by the 'SYSTEM' login grammar (set in /etc/security/user) for the given user. Otherwise, mod_auth_aix will load the specified AIX Loadable Authentication Module and call this module's identification and authentication functions for the current request.

Requirements:
AIX >= 4.3.3
Apache 1.3.x

mod_auth_aix 1.4 screenshot
Zoom

mod_auth_aix 1.4 keywords

mod_auth_aix 1.4: "Loadable Authentication Modules" are AIX's way to extend the identification and authentication functions of the operating system
AuthPG 1.5: AuthPG is a PostgreSQL Authentication Module. PostgreSQL Authentication Module (AuthPG) enables Apache to authenticate users with
Apache::AuthPerLDAP 0.5: Apache::AuthPerLDAP is a mod_perl PerLDAP Authentication Module. SYNOPSIS < Directory /foo/bar > # Authentication Real
mod_auth_shadow 1.5: mod_auth_shadow is an Apache module for authentication using /etc/shadow. When performing this task one encounters one fundamental
mod_auth_shadow2 2.1: mod_auth_shadow is an Apache module for authentication using /etc/shadow. When performing this task one encounters one fundamental
mod_mldap 0.71: mod_mldap is a simple LDAP authentication module for Apache 2. Quick installtion of the dynamic module: As root, run:
mod_auth_pam 1.1.1 for Apache 2.0: mod_auth_pam is an authentication module for the Apache Web-Server. The PAM authentication module implements Basic authentication

mod_auth_aix 1.4 review

Alternative/similar