Jun 062011
 

I already have a list of users in a mysql database that I use for postfix smtp authentication/sasl. I wonder, whether the list can be used for http authentication 😀 . Well, let’s find out.

First of all, of course we must compile nginx to support http_auth_pam_module module.
download ngx_http_auth_pam_module-1.2.tar.gz

When compiling from source build as usual adding the -add-module option:

./configure --add-module=$PATH_TO_MODULE

My pam_mysql for postfix smtp authentication /etc/pam.d/smtp

auth required pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqlLog=0
account sufficient pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqllog=0


Nginx configuration

	server {
		listen       80;
		server_name  www.example.com;
		access_log  /var/log/nginx/nginx-test-access.log  main;

		location /secured {
			alias /path/to/public_html/restricted/;
			auth_pam              "Restricted Zone";
			auth_pam_service_name "smtp";
		}

		location / {
			root   /path/to/public_html;
			index  index.html index.htm;

		}
	}

when accessing http://www.example.com/secured via web browser, browser pops up the login box, that’s a good sign.

nginx auth pam chrome

nginx auth pam chrome

login using my smtp authentication username and password i was successfully landed on default index.html

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.