PAM Authentication For Apache -- Probable Issue with LBR link

Hi,

I was assigned the task PAM Authentication For Apache, I did configure it to use Basic auth + PAM on all the 3 app servers and it worked fine. However, it failed with PAM Authentication is not set correctly on at least one of the app server. Screenshots attached.




When I try to check the settings using the LBR link it redirects to the DocumentRoot which was set to “/var/www/html” by default and there is no option to redirect it to http:URL:80/protected. In order to check the LBR url, I had to change the default DocumentRoot to /var/www/html/protected which also worked as expected but the task failed.

Can you please help me identify what the issue was, or does the task validates the default DocumentRoot configuration, and if this what caused the task to fail. However, it was not mentioned in the task to “not to modify any existing configuration” and there is no option to change the LBR URL to a custom link like http:URL:80/protected, hence no way to check the config using the LBR URL unless I am missing something.

Thanks in advance.

Show me your conf file, please.

Hi,

I used the below config file: /etc/httpd/conf.d/authnz_external.conf

<Directory /var/www/html/protected>
    AuthType Basic
    AuthName "PAM Authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    require valid-user
</Directory>
1 Like

This looks good, Hv u restarted apache afterwards ?

Yes, I did, and you can see from the screenshots I was able to access the URL using the ID as well, the only thing I changes was the DocumentRoot to access it from the LBR.

This was probably the reason for failure. No need to change DocumentRoot, just access normally and when get response default html page add to the address /protected.

I do get that, however, there is no option to access the /protected url using the LBR it would always default to the DocumetRoot in the app, so in order to check that I modified that, and as it was given in the task itself. So my point is there should be an option to modify the URL in the app when accessing the website from the LBR or it should by default point to the http:url:80/protected in order to avoid confusion.

Task 4 cannot be achieved without modifying the DocumentRoot.

Just do what they said in point d then add in URL /protected to go to desired subpage. When I did that I got login window and after supplying credentials I got html page for protected directory. I hope u got this if not I will do screenshot next time I face such or similar problem.

Oh, I didn’t even try adding a /protected on the URL that I get in the LBR, thanks I will give it a try next time.

hi there, might be not the right thread…

I’m new, got the same problem.

But how I can access root user. I’m stuck with thor

Just started learning devops, any input will be helpful

Hey @imsiddharth , try switching to the root user using the below command:

#sudo su -

@dipjyoty @andrzej

I am following this article to complete this task.

followed this step as per the task.

my results:


c. We already have a user kareem with password GyQkFRVNr3 which you need to provide access.

how to give permissions to kareem?

d. You can access the website on LBR link, to do so click on the + button on top of your terminal and select option Select port to view on Host 1 and after adding port 80 click on Display Port .

I am getting this page, as I understand, it should ask for kareem login details and the pam auth page should be displayed here right?

please check and advise.

thanks

@Inderpreet @Tej-Singh-Rana
Please check and advise.
Thank you!

In URL please add ‘/protected’ to get subpage.

1 Like

Thank you @andrzej


I was able to complete the task successfully.
Thanks
Swaroop

1 Like

Hi @swaroopcs88

How did you provide access to Kareem user? Or you just followed the directions from the page above you mentioned and added /protected to URL? Also, PAM needs SSL certificate? How did you manage that? I failed in the task :frowning:

Hi Mukesh,

I followed the URL article I mentioned in the beginning.

as suggested by Andrej, I added the /protected to the URL.


you can see it in my last comments where I have copied the screenshot.

@andrzej @dipjyoty
executing the below commands was still coming with the same results.


is this the expected result? or I should be getting something else.
Thank you!
Swaroop

curl -u user:password http://localhost:8080/protected/
don’t use two times curl in single command line, if you are doing then use standard method.

1 Like

@mukeshfulewale Using SSL is not required in this task, you can comment out the entry for SSLRequireSSL in the configuration.

2 Likes

@dipjyoty
Ok thanks! Anyways I failed the task so can’t do anything now. Is there anything we could get the same task again?