mod_auth_aix 1.4 review

by on

"Loadable Authentication Modules" are AIX's way to extend the identification and authentication functions of the operating system

License: GPL (GNU General Public License)
File size: 17K
Developer: Markus Zahn
0 stars award from

"Loadable Authentication Modules" are AIX's way to extend the identification and authentication functions of the operating system. They are - up to a certain degree - the AIX equivalent of PAM and NSS mechanisms known by many other systems.

mod_auth_aix is an Apache module that allows the Apache web server to use AIX Loadable Authentication Modules as it's source of basic authentication. It has originally been inspired by Paul Henson's excellent mod_auth_dce, which seems to work perfectly on every platform but AIX.

Although mod_auth_dce is more powerful than mod_auth_aix, the latter already meets my current demands. Due to it's generic approach, mod_auth_aix should work with any AIX Loadable Authentication Module, not just (but of course including) the DCE module.

Building and installing mod_auth_aix:

mod_auth_aix comes with a configure script, so just run

./configure [--with-apxs=/path/to/apxs] [--with-kafs-syscall]
make install

If Apache should be able to serve requests with the DCE credentials of the authenticated user (i.e. have access to DFS during requests), you'll have to compile mod_auth_aix with kafs_syscall support.

Setting up Apache:

Add "LoadModule auth_aix_module libexec/" to your httpd.conf.

Then, add appropriate directives to your httpd.conf and/or .htaccess files. Configuration examples can be found in the examples subdirectory. Currently, all configuration directives work in a per directory context.


When this directive is 'on', AIX authentication is performed within the directory specified. The default is 'off'. You'll also need valid AuthType, AuthName, and require directives in the directory container. The only supported AuthType is 'Basic'. You can supply any AIX user and group (known by the AIX Loadable Authentication Module specified) to the Apache require directive.


mod_auth_aix will either approve or deny a request, when this directive is 'on'. The default is 'off'. When the directive is 'off' and a request is not approved (i.e. an authentication failure occurs), mod_auth_aix will decline to handle the request and allow other lower level modules to attempt authentication.


With this directive, you can specify, which AIX Loadable Authentication Module to use for authentication. The default is 'SYSTEM', which uses the module specified by the 'SYSTEM' login grammar (set in /etc/security/user) for the given user. Otherwise, mod_auth_aix will load the specified AIX Loadable Authentication Module and call this module's identification and authentication functions for the current request.

AIX >= 4.3.3
Apache 1.3.x

mod_auth_aix 1.4 keywords