OpenSUSE 12.3 checkpassword-pam 失效?!

從 OpenSUSE 12.2 升級至 OpenSUSE 12.3 後
不知為何原本正常的 Apache + NIS Authentication 居然
一直出現密碼錯誤無法登入

[Thu Apr 11 18:33:55 2013] [error] [client 192.168.103.1] AuthExtern checkpassword-pam [/usr/local/bin/checkpassword-pam -H --noenv --debug --stdout -s httpd -- /bin/true]: Failed (2) for user steve
[Thu Apr 11 18:33:55 2013] [error] [client 192.168.103.1] user steve: authentication failure for "/svn/": Password Mismatch

似乎是 checkpassword-pam 出了問題
重新下載 checkpassword source re-compile and re-install 也無效
大膽假設 checkpassword 在 OpenSUSE 12.3 有相容性問題 無法工作
無計可施的情況下,只好尋求其他的 Apache + NIS Authentication 的方案
最後找到另一個 solution : http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html#NIS

Step.1 Install Perl Modules: ExtUtils-AutoInstall, Net-NIS, Apache2-AuthenNIS

$ perl -MCPAN -e shell 
  ... (Answer no)
install ExtUtils::AutoInstall
install Net::NIS
install Apache2::AuthenNIS
quit

Step.2 Test if perl modules installed correct

$ vi testApache2AuthenNIS.pl
#!/usr/bin/perl
BEGIN{push @INC, "/usr/lib/perl5/site_perl/5.16.2/Apache2";}
eval "use Apache2::AuthenNIS"; $hasApacheAuth = $@ ? 0 : 1;
printf "Apache2::AuthenNIS". ($hasApacheAuth ?  "" : " not") . " installed";
printf "n";
$ sudo perl testApache2AuthenNIS.pl
Apache2::AuthenNIS installed

Step.3 Modify subversion.conf

$ vi /etc/apache2/conf.d/subversion.conf
        <Location /svn/>
                DAV svn
                SVNParentPath /svn/repos
                SVNListParentPath on
                # Limit write permission to list of valid users.

                # Require SSL connection for password protection.
                # SSLRequireSSL

                AuthType Basic
                AuthName "Subversion Server"
                PerlAuthenHandler Apache2::AuthenNIS
                PerlSetVar AllowAlternateAuth no
                #AuthExternal checkpassword-pam
                #AuthBasicProvider external
                Require valid-user
                AuthzSVNAccessFile /svn/svnaccess.conf
        </Location>

Step.5 restart Apache2

Done!

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *