nice. The script shipped with web2py installs uwsgi from pip, so we're covered!
On Monday, April 1, 2013 4:48:59 PM UTC+2, Matt wrote: > > On Fri, Mar 29, 2013 at 12:15 PM, Matt Broadstone > <[email protected]<javascript:>> > wrote: > > On Fri, Mar 29, 2013 at 12:05 PM, Niphlod <[email protected]<javascript:>> > wrote: > >> uhm. Before smashing heads against the wall, there are 3 different > >> "available methods" here..... > >> > >> 1) rely on nginx to authenticate users through pam (kinda of a basic > auth, > >> but checked against PAM) > >> 2) rely on uwsgi to authenticate users through pam (kinda of a basic > auth, > >> but checked against PAM) > >> 3) rely on web2py module to authenticate users through pam > >> > > > > Yes, this is my understanding as well. > > > >> You want the users to reach web2py no matter what, and let the > >> authentication happen using "web2py's logic".... assuming that the only > >> thing you want is not having the username/password combos checked > against a > >> table in web2py's database but against PAM's database. > >> > > > > Yes, this is what we are trying to do. To reiterate: we always want to > > provide access to web2py, and through web2py's auth (using a username > > and password form) we want to authenticate using PAM in the backend. > > > >> Unless I understood it wrong, apache and rocket work. This means (if > you > >> didn't mess with apache configs) that 3) works "out of the box" > >> > >> What it seems by your config is that you're trying to do 2), i.e. > stopping > >> users "one step before", letting uwsgi interact deal pam > >> authentication......that is a different thing. Do you want 1), 2) or 3) > ? > > > > My config is not doing 1 or 2, you may be confused by the fact that I > > provided an /etc/pam.d/uwsgi configuration, and specified pam in the > > uwsgi configuration. > > > > Here's what I _think_ is going on (though my understanding is spotty at > best). > > > > * nginx is serving a python application using uwsgi > > * nginx is properly configured, I can access the site and the web2py > > app shows up > > * web2py is running in the context of uwsgi (and thus inherits its > permissions) > > * web2py has a pam auth module that loads a pam library, attempts to > > connect to pam and authenticate with the credentials provided > > > > after all of those steps, I get the messages in my auth.log that I > > posted above, indicating to me that whatever user is trying to > > authenticate with pam doesn't actually have the rights to authenticate > > against the /etc/shadow file. That was my intention with playing > > around with /etc/pam.d/uwsgi config file, etc. > > > > Matt > > > > > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "web2py-users" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected] <javascript:>. > >> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > > > Hey all, > Just wanted to let you know I figured out what was wrong here. The > problem was that ubuntu ships with a quite out-of-date version of > uwsgi (1.0.3 in 12.04, and in recent releases only up to 1.2.x), which > confuses PAM. If you're trying to do something similar, you need to > run a version of uwsgi >= 1.4 > > Matt > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
