Spec Name or Url: http://fedora.ivazquez.net/files/extras/mod_auth_pam.spec SRPM Name or Url: http://fedora.ivazquez.net/files/extras/mod_auth_pam-1.1.1-1.src.rpm Description: The PAM authentication module implements Basic authentication on top of the Pluggable Authentication Module library. Thereby it supports standard unix passwd, shadow, NIS, SMB auth and radius authentication transparently and easily interchangeable, wherever the HTTP protocol allows it.
Looks good (very close to what I've been using). Now, pam is a dark-art and mysterious black-box to me most of the time (so my understanding and suggestion my be way off-base), but, I'd suggest replacing the sample pam.d/httpd containing: #%PAM-1.0 auth required /lib/security/pam_unix.so account required /lib/security/pam_unix.so with #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth so that mod_auth_pam uses whatever has been configured via system-config-auth.
Worth mentioning too that the /lib/security/*.so lines won't work on x86_64 where those are in /lib64/security/ instead, so yes, fixing those lines is required.
Updated.
* Please use "install -p" to preserve timestamps * Change the Requires line to: Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel) as in the PHP package, it causes an error in mock. * If you want, you can use a dist tag. * Is the License tag correct ? I know you have included the full text of the license, but maybe the License tag should be "Distributable", (which is what we use when we mean "look at the LICENSE file") * please prefix the additional sources with mod_auth_pam- for those who have a common SOURCES dir (as in the default rpm setup).
The requires httpd-mmn lines stills kills mock. In the file root.log: /sbin/runuser -c 'rpm -Uvh --nodeps /builddir/build/originals/mod_auth_pam-1.1.1-1.src.rpm' mockbuild mod_auth_pam warning: user ignacio does not exist - using root warning: group ignacio does not exist - using root [...] warning: group ignacio does not exist - using root ####### error: line 16: Version required: Requires: httpd-mmn = The reason is that when mock installs the srpm, httpd is not yet installed, but the spec file is parsed. You have to add some kind of "|| true" parachute to the line, as done in the php package.
One option to consider is: #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_permit.so as a variation that will allow web access to anyone that can authenticate to pam even if they don't otherwise have an account set up. This can be used, for example. with smb authentication against a windows domain and will permit anyone in the domain to use web services even if they can't log into the machine services that require an account (and unlike winbindd, smb doesn't create one).
(In reply to comment #6) Updated. (In reply to comment #7) I added a little note to the PAM config about this.
One last thing : /usr/share/doc/mod_auth_pam-1.1.1/COPYING is set executable.
Whoops. Updated.
Review for release 1: * RPM name is OK * Source mod_auth_pam-2.0-1.1.1.tar.gz is the same as upstream * Builds fine in mock * rpmlint of mod_auth_pam looks OK * File list of mod_auth_pam looks OK * Works fine.
Built for FC4 and devel.