pwauth - authenticator for mod_authnz_external and the Apache HTTP Daemon
Pwauth is an authenticator designed to be used with mod_auth_external or
mod_authnz_external and the Apache HTTP Daemon to support reasonably secure
web authentication out of the system password database on most versions of
Unix. Particulary - secure authentication against PAM.
The simplest test pwauth is to start a root shell and just run pwauth. It will
attempt to read the login and password from standard input, so type a login
name, hit return, then type a password, and hit return (the password will echo
on your screen). The check the status code that was returned (in csh:
"echo $status" in sh: "echo $?").
If the login/password were correct you should get a zero status code. If not,
you will get some other value. See below the list of status codes to find the
meaning of the various values returned. Any values 50 or greater indicate a
- 0 STATUS_OK
- Login OK.
- 1 STATUS_UNKNOWN
- Nonexistant login or (for some configurations) incorrect
- 2 STATUS_INVALID
- Incorrect password (for some configurations).
- 3 STATUS_BLOCKED
- Uid number is below MIN_UNIX_UID value configured in
- 4 STATUS_EXPIRED
- Login ID has expired.
- 5 STATUS_PW_EXPIRED
- Login's password has expired.
- 6 SSTATUS_NOLOGIN
- Logins to system have been turned off (usually by
- 7 STATUS_MANYFAILES
- Limit on number of bad logins exceeded.
- 50 STATUS_INT_USER
- pwauth was invoked by a uid not on the SERVER_UIDS list. If
you get this error code, you probably have SERVER_UIDS set incorrectly in
pwauth's config.h file.
- 51 STATUS_INT_ARGS
- pwauth was not given a login & password to check. The
means the passing of data from mod_auth_external to pwauth is messed up.
Most likely one is trying to pass data via environment variables, while
the other is trying to pass data via a pipe.
- 52 STATUS_INT_ERR
- one of several rare and unlikely internal errors occurred.
You'll have to read the source code to figure these out.
- 53 STATUS_INT_NOROOT
- pwauth was not able to read the password database. Usually
this means it is not running as root. (PAM and login.conf configurations
will return 1 in this case.)
was written by Jan Wolter <firstname.lastname@example.org>.
This manual page was written by Hai Zaar <email@example.com>, for the
Debian project (but may be used by others).