Welcome! Log In Create A New Profile

Advanced

auth_request vs auth_pam_service_name

January 12, 2015 04:56PM
Hi, I am a newbie at nginx and looking at its authentication capabilities. It appears that when using auth_request, every client request would still require an invokation to the auth_request fastcgi or proxy_pass server.
Looking at auth_pam, I am not clear on how it works:

1. How does nginx pass the user credentials to the PAM module?

2. Would nginx remember that a user has been authenticated? Perhaps via a cookie that'd be returned by PAM? I looked at the nginx pam source code and didn't see it returning any cookie to nginx ... perhaps PAM does it by storing it on some context that's returned to NGINX?

3. Is the auth_pam directive mandatory? When I used it with
locate /
{
auth_pam "Login Banner";
auth_required_service_name "nginx";
}
where the PAM nginx file had 'auth required pam_unix.so"
a user/password login page popped up. But even after I entered a valid user/pwd and hit <cr>, the same login page would pop up again, prompting for a user/pwd. I got the same behavior even after removing the auth_required_service_name statement.
Can someone explain the behavior I experienced?

4. Is there a way for us to provide our own Login html page to the user? If yes, how do we do it and how would we pass the credentials to NGINX?

5. NGINX chooses the authentication method (local vs ldap vs rsa etc) based on the server/uri. For example, /www.example.org users would be authenticated via LDAP: location /example { auth_pam_service_name "authFile" } and the authFile would contains "auth required ldap.so"

Is there a way to configure nginx to base the authentication method on some user configuration outside of nginx?

Thank you for any clarifications!
Subject Author Posted

auth_request vs auth_pam_service_name

nginxuser100 January 12, 2015 04:56PM

Re: auth_request vs auth_pam_service_name

Sergio Talens-Oliag January 13, 2015 03:42AM

Re: auth_request vs auth_pam_service_name

nginxuser100 January 14, 2015 08:34PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 77
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready