@chauntelkellar
Last active August 29, 2022 23:23

PAM Authentication for Apache - KodeKloud

The document root /var/www/html of all web apps is on the NFS share /data on the storage server in the Stratos Datacenter. We have a requirement to password protect a directory in the Apache web server document root. We want to password protect the http://:<apache_port>/protected URL as per the following requirements (you can use any website URL for it, such as localhost, since there are no specific requirements as of now):

a. We want to use basic authentication.
b. We do not want to use htpasswd file-based authentication. Instead, we want to use PAM authentication, i.e. Basic Auth + PAM, so that we can authenticate with a Linux user.
c. We already have a user james with password GyQkFRVNr3 which you need to provide access to.
d. You can access the website on the LBR Link. To do so click on the + button on the top of your terminal, select Select port to view on Host 1, and after adding port 80 click on Display port.

Solution

SSH into each of the three app servers and do the tasks below.

Install pwauth:
    sudo yum --enablerepo=epel -y install mod_authnz_external pwauth

Edit the config and add the lines:
    sudo vi /etc/httpd/conf.d/authnz_external.conf

    <Directory /var/www/html/protected>
        AuthType Basic
        AuthName "PAM Authentication"
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </Directory>

Create the protected directory:
    sudo mkdir -p /var/www/html/protected

Open the index.html file; you will see the protected directory message:
    sudo vi /var/www/html/protected/index.html

Restart Apache:
    sudo systemctl restart httpd
    sudo systemctl status httpd

Test with the curl command:
    curl -u james:GyQkFRVNr3 http://localhost:8080/protected

Test as in step d:
Click + and the Select Port on Host link, then enter port 80.
Then add /protected to the end of the link; an authentication window will open.
Enter the username and password.
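
A tighter variant of the Directory block from the solution, as an added example that is not part of the original gist: it admits only the james account named in requirement c, and it refuses Basic credentials sent over plain HTTP. It assumes mod_ssl is loaded and the document root is also served by an HTTPS virtual host, which the lab task does not set up.

```apache
# Added example, not from the original gist.
# Assumption: mod_ssl is loaded and an HTTPS virtual host serves this directory.
<Directory /var/www/html/protected>
    # Basic auth sends the Linux account password base64-encoded (not
    # encrypted) with every request, so deny any request that did not
    # arrive over TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "PAM Authentication"
    AuthBasicProvider external
    AuthExternal pwauth

    # Was: Require valid-user
    # valid-user admits every account pwauth can authenticate on the host;
    # list only the account(s) that should reach this directory.
    Require user james
</Directory>
```

With this block in place, the plain-HTTP curl test from the solution is denied; repeat the test against the HTTPS URL instead.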
References

KodeKloud-Engineer Nautilus