For further info, these are relevant configuration files:
/etc/nginx/sites-enabled/site:
server {
listen 80;
server_name $hostname;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
server_name $hostname;
ssl on;
ssl_certificate /etc/nginx/ssl/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/certificate.key;
location / {
uwsgi_pass 127.0.0.1:9001;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
}
}
/etc/uwsgi/apps-enabled/site.xml
<uwsgi>
<plugin>python</plugin>
<socket>127.0.0.1:9001</socket>
<pythonpath>/opt/web/site/</pythonpath>
<pam>uwsgi</pam>
<app mountpoint="/">
<script>wsgihandler</script>
</app>
</uwsgi>
/etc/pam.d/uwsgi:
@include common-auth
@include common-account
On Fri, Mar 29, 2013 at 11:45 AM, Matt Broadstone <[email protected]> wrote:
> Hi,
> We're trying to migrate our web2py deployment to nginx and running
> into a problem using pam_auth as a login method. Before I go further I
> should clarify that PAM authentication works just fine with apache2
> and a simple debug run with rocket. Also, we are trying to do this on
> Ubuntu 12.04, and the nginx setup is basically verbatim from the
> script provided by web2py
> (scripts/setup-web2py-nginx-uwsgi-ubuntu.sh).
>
> I am unable to log into web2py with local users, and the only relevant
> log message I can find is in my /var/log/auth.log:
>
> Mar 29 11:38:17 mbroadst-build unix_chkpwd[7073]: check pass; user unknown
> Mar 29 11:38:17 mbroadst-build unix_chkpwd[7073]: password check
> failed for user (mbroadst)
> Mar 29 11:38:17 mbroadst-build uwsgi: pam_unix(login:auth):
> authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=
> user=mbroadst
>
> There is surprisingly little information on the internet related to
> these messages, but it seems (from a post on Cherokees forums) that
> this indicates that the user is unable to access the /etc/shadow file.
> I can verify that the nginx and uwsgi configurations are correct, and
> working. Both are running as the www-data user, and the www-data user
> has been added to the shadow group.
>
> Does anyone have a clue what's going on here? I'm getting to the point
> that maybe web2py's pam auth module is the culprit, but I am very
> inexperienced with the technologies involved here.
>
> Matt
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
