On Fri, Mar 29, 2013 at 12:05 PM, Niphlod <niph...@gmail.com> wrote: > uhm. Before smashing heads against the wall, there are 3 different > "available methods" here..... > > 1) rely on nginx to authenticate users through pam (kinda of a basic auth, > but checked against PAM) > 2) rely on uwsgi to authenticate users through pam (kinda of a basic auth, > but checked against PAM) > 3) rely on web2py module to authenticate users through pam >
Yes, this is my understanding as well. > You want the users to reach web2py no matter what, and let the > authentication happen using "web2py's logic".... assuming that the only > thing you want is not having the username/password combos checked against a > table in web2py's database but against PAM's database. > Yes, this is what we are trying to do. To reiterate: we always want to provide access to web2py, and through web2py's auth (using a username and password form) we want to authenticate using PAM in the backend. > Unless I understood it wrong, apache and rocket work. This means (if you > didn't mess with apache configs) that 3) works "out of the box" > > What it seems by your config is that you're trying to do 2), i.e. stopping > users "one step before", letting uwsgi interact deal pam > authentication......that is a different thing. Do you want 1), 2) or 3) ? My config is not doing 1 or 2, you may be confused by the fact that I provided an /etc/pam.d/uwsgi configuration, and specified pam in the uwsgi configuration. Here's what I _think_ is going on (though my understanding is spotty at best). * nginx is serving a python application using uwsgi * nginx is properly configured, I can access the site and the web2py app shows up * web2py is running in the context of uwsgi (and thus inherits its permissions) * web2py has a pam auth module that loads a pam library, attempts to connect to pam and authenticate with the credentials provided after all of those steps, I get the messages in my auth.log that I posted above, indicating to me that whatever user is trying to authenticate with pam doesn't actually have the rights to authenticate against the /etc/shadow file. That was my intention with playing around with /etc/pam.d/uwsgi config file, etc. Matt > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.