[horde] Horde with PAM-authentication on Debian 10 Buster with PHP7.3 ?
Ralf Lang
lang at b1-systems.de
Thu May 14 17:15:25 UTC 2020
Hi Christoph,
Am 30.04.20 um 14:01 schrieb Christoph Haas:
> Hello,
>
> I'm trying to use PAM-authentication (as I did on an old Horde-setup
> with PHP5.6) with Horde Groupware on a new Debian 10 Buster
> installation with PHP7.3.
>
> I've set in /var/www/html/horde/config/conf.php
> $conf['auth']['driver'] = 'pam';
>
>
> And in /etc/pam.d I've created a file
> /etc/pam.d/horde
>
> with this content:
> @include common-auth
> @include common-account
> @include common-session-noninteractive
>
> and I've created the symbolic links:
> ln -s /etc/pam.d/horde /etc/pam.d/pam
> ln -s /etc/pam.d/horde /etc/pam.d/service
>
> also I've configured /etc/nslcd.conf like I did on my old installation.
>
> -->> On the old install this setup works like a charm.
>
>
> But on the newly setup Debian Buster with PHP7.3, I get stuck with the
> error in the WebUI, when trying to login:
> A fatal error has occurred
> PAM authentication is not available.
>
> and on the console:
> HORDE: [horde] PAM authentication is not available. [pid 355 on line
> 49 of "/usr/share/php/Horde/Auth/Pam.php"]
>
> In line 48 will be checked, if the pam-extension exists:
> if (!Horde_Util::extensionExists('pam'))
>
> So I've tried to install
> pecl install pecl/pam-1.0.3
>
> (like I did on my old system), but the building of this package fails
> (like mentioned in:
> http://horde.690.n7.nabble.com/Tickets-14696-Fresh-install-on-Debian9-gt-Error-td141190.html#a141192
> and https://bugs.php.net/bug.php?id=74812 and
> https://bugs.php.net/bug.php?id=74396). Also the pecl/pam-package
> seems to be unmaintained.
>
> A fix seems to use the updated pam-package from
> https://github.com/amishmm/php-pam (like proposed in
> https://serverfault.com/questions/987746/pam-for-php-7-2-and-horde),
> which builds OK:
> git clone https://github.com/amishmm/php-pam.git
> cd php-pam
> phpize
> ./configure
> make
> make install
>
> The newly build pam.so file is located at /usr/lib/php/20180731 like
> all other packages.
>
> But how do I make Horde to recognize this pam-package?
>
> Many thanks! Cheers
> Christoph.
Under which name does PHP recognize the new selfbuilt pam extension when
you output a phpinfo()?
If it doesn't show up at all, that's your (non-horde) issue to fix.
Probably you need to edit php.ini or /etc/php7/conf.d/something.ini to
make it load. Don't forget to reload the web server once you change this.
If the pam extension is seen under a similar-but-different name in the
phpinfo() output, you need to patch Auth/Pam.php's line to match that
new name.
Hope that helps.
Generally I wonder what's the use case/benefit for pam authentication.
In case the imap server authenticates system login users through pam,
you could use imap for horde auth. In case the pam user source is
anything outside the server (sql, ldap, ...) it would also make sense to
access these.
Regards
Ralf
--
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 2220 bytes
Desc: not available
URL: <https://lists.horde.org/archives/horde/attachments/20200514/080325fe/attachment.key>
More information about the horde
mailing list