Jump to content

Photo

Tengine auth_pam


12 replies to this topic

#1
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA
I want to authenticate users against a mysql database (joomla) before allowing access to certain areas of the filesystem. I'm using tengine. I found an auth_pam that can be used to authenticate against myself through pam.

How can I install this under funtoo for tengine? Anyone do anything like this before?

Thanks

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#2
axelgenus

axelgenus

    Member

  • Members
  • PipPip
  • 25 posts

If you need to authenticate users among different platforms mysql is not (IMHO) the best choice. I built a server long ago which had LDAP as back-end for web (vBulletin), FTP and PAM authentication. I really do not know JOOMLA but I guess it has LDAP support.



#3
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA
No, I don't care about scalability and I doubt Ill ever have more than a handful of users (total). On a single machine ldap would be a waste as it uses mysql as its backend. And joomla is just a cms. I don't think it can auth against leap.

Besides, I'm not trying to make this more complicated. I just don't want to have the password protection used for access to sensitive files to be different from the joomla password. I hate having to maintain multiple passwords for a single website and want to do that to someone else.

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#4
axelgenus

axelgenus

    Member

  • Members
  • PipPip
  • 25 posts

I guess you are using this package [1]. You can follow this guide [2].

 

 

 

[1] https://packages.gen...-auth/pam_mysql

[2] https://support.aspe...e-against-MySQL



#5
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA

I guess you are using this package [1]. You can follow this guide [2].



[1] https://packages.gen...-auth/pam_mysql
[2] https://support.aspe...e-against-MySQL

You misunderstood the problem. I can work with pam and all that. This isnt an admin question but more of a tengine question with some funtoo complications.

OOTB, Nginx and tengine only support file based, auth_basic authentication. Joomla has its own authentication and user scheme which is backed by mysql. I have some stuff I want to protect in the file system so HTTP authentication makes more sense than relying on joomla to protect access (since you could always use a direct URL to bypass php)

There is an external module which you either have to compile from source or install as an "extras" RPM which provides auth_pam. This is only ever mentioned for nginx, not tengine, but it should (in theory) be compatible especially if compiled from source against tengine's tree.

Now, enter funtoo. There is no rebuild for this so if it works, it could get destroyed on the next update. I am NOT changing Linux user authentication. Pam can be used to authenticate any subsystem against anything else, so this one auth_pam would let nginx (and hopefully tengine) authenticate against anything.

Make more sense now?

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#6
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA


Now, enter funtoo. There is no rebuild for this so if it works, it could get destroyed on the next update.

Sent from my A0001 using Tapatalk


Tapatalk wont let me re-edit and my phone auto-corrected. Should have said Ebuild, not rebuild. Sorry

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#7
axelgenus

axelgenus

    Member

  • Members
  • PipPip
  • 25 posts

So basically you want to let your users to browse some folder through an HTTP interface but with authentication, right?



#8
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA
Right, and tengine only supports auth_basic which I have set now

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#9
axelgenus

axelgenus

    Member

  • Members
  • PipPip
  • 25 posts

Is there any reason to use auth_basic? I remember using AjaXplorer some time ago (now they call it Pyd.io [1]).

 

[1] https://pyd.io/



#10
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA
I don't like the idea of having to install yet more software on my system, and then move these files out of the web server directory to somewhere else. Then, the pyd.io demo failed on my phone. I couldn't tap on the password field, had to use my tab key (which most keyboards don't have) and it still wouldn't log in. Not impressed.

I just want to use a different authentication method in tengine. That shouldn't be too hard.

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#11
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA

I don't like the idea of having to install yet more software on my system, and then move these files out of the web server directory to somewhere else. Then, the pyd.io demo failed on my phone. I couldn't tap on the password field, had to use my tab key (which most keyboards don't have) and it still wouldn't log in. Not impressed.

I just want to use a different authentication method in tengine. That shouldn't be too hard.

Sent from my A0001 using Tapatalk

Oh... and one more thing. This wouldn't solve my problem at all. I want to avoid two sets of passwords. I doubt pyd.io will authenticate against my joomla database, will it?

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.


#12
axelgenus

axelgenus

    Member

  • Members
  • PipPip
  • 25 posts

Oh... and one more thing. This wouldn't solve my problem at all. I want to avoid two sets of passwords. I doubt pyd.io will authenticate against my joomla database, will it?

Sent from my A0001 using Tapatalk

 

Well it may need some hacking... I never tried to integrate it with some other piece of software but it shouldn't be too hard. See here [1] for some other software which runs natively under Joomla as a plugin.

 

 

[1] http://extensions.jo...nsion/extplorer



#13
uudruid74

uudruid74

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDallas, TX USA

Well it may need some hacking... I never tried to integrate it with some other piece of software but it shouldn't be too hard. See here [1] for some other software which runs natively under Joomla as a plugin.


[1] http://extensions.jo...nsion/extplorer

The problem with a native Joomla solution is that the files would have to be moved to where the web server can't get them and you'd need to always log in through Joomla.

I want easy direct URLs with no Joomla crap. I don't want a Joomla module. I just don't want two sets of passwords. Under Apache, you have a number of auth modules to authenticate the user. I need to be able to do that with tengine

Sent from my A0001 using Tapatalk

https://github.com/u.../bashTheObjects -- Object Oriented Programming in BASH !!
https://eddon.systems -- Stuff I'm Working on.




Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users