blob: 07772d5eff6321358e94b34ed091b8b2a3fadcca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
Apache module mod_intercept_form_submit
=======================================
Apache module to intercept submission of application login forms. It
retrieves the login and password information from the POST HTTP
request, runs PAM authentication with those credentials, and sets the
REMOTE_USER environment variable if the authentication passes.
Module configuration
--------------------
The module needs to be configured for Location that the application
uses to process the login form POST requests. The configuration has to
specify three values:
InterceptFormPAMService name_of_the_PAM_service
The PAM service to authenticate against.
InterceptFormLogin the_login_field_name
Name of the login field in the login form, and thus the login
parameter in the POST request.
InterceptFormPassword the_password_field_name
Name of the password field in the login form, and thus the
password parameter in the POST request.
All three parameters need to be specified or the interception will not
be enabled.
Example:
<Location /users/login>
InterceptFormPAMService http_application_sss
InterceptFormLogin login[login]
InterceptFormPassword login[password]
</Location>
The PAM service needs to be configured. For the above shown
http_application_sss example, file /etc/pam.d/http_application_sss
could be created with content
auth required pam_sss.so
to authenticate against sssd.
On SELinux enabled systems, boolean allow_httpd_mod_auth_pam needs to
be enabled:
setsebool -P allow_httpd_mod_auth_pam 1
Building from sources
---------------------
When building from sources, command
apxs -i -a -c mod_intercept_form_submit.c -lpam -Wall -pedantic
should build and install the module.
License
-------
Copyright 2013 Jan Pazdziora
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
|