pluggable authentication for Apache


The PAM authentication module implements Basic authentication on top of the Pluggable Authentication Module library. Due to constraints in the "Basic" authentication scheme (RFC 2617), it only supports username/password-style authentication. Due to the architecture of Apache, it only supports modules that can run as an unprivileged (non-root) user.

That said, it works quite well for standard /etc/passwd authentication and, with a little bit of work, can support NIS and SMB auth and probably others. As all these are system password databases, it should be used in conjunction with SSL/TLS.

Status & Support

mod_auth_pam is not supported and/or developed any longer. The original author moved on and it mostly works for Apache 1.3 and 2.0. For help with the module, please check the FAQ first (most problems are related to the PAM modules, not to mod_auth_pam itself). If no answer is found, post to the general PAM mailing-list. There are quite a few friendly folks on the list who are able to help.

New maintainers would be very welcome, please apply on the list!

Related Modules

For authentication against /etc/shadow, I recommend mod_authnz_external. For use with LDAP, several LDAP modules are available, choose a recent one.