Apache: Pre-compiled mod_auth_pam for SLES 11

This was ridiculous. Since apache-devel isn’t available in SLES (and I do understand why, but give me the option at least!), I had to sync up one of my SLES machines to an OpenSuSE repository and get all of my necessary packages required to compile mod_auth_pam. I was required to downgrade quite a few packages, but whatever works, eh?

For those of you running SLES and are trying to get mod_auth_pam to work, you can grab a precompiled copy of mod_auth_pam.tgz.

This works on the standard Apache2 install that comes with SLES 11. I presume it also works on OpenSuSE 11 as well. Just download the tgz, extract the contents, and run ./install. Then you can load up Novell’s step-by-step tutorial on how to get this to work. Take note at the instructions to manually change a few files because that still needs to be done.

For my future reference, here are the Apache directives I ended up using:

AuthPAM_Enabled On
AuthPAM_FallThrough Off
AuthBasicAuthoritative Off
AuthGROUP_Enabled Off
AuthUserFile /dev/null
AuthType Basic
AuthName ADDomain
require valid-user

While this works, it isn’t seamless like way mod_auth_ntlm_winbind, but it works over SSL, unlike mod_auth_ntlm_winbind.

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain RealCajunRecipes.com in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in Active Directory, Apache, Linux, Security
4 comments on “Apache: Pre-compiled mod_auth_pam for SLES 11
  1. Birger says:

    Hi Chrissy,
    thanks for bringing up the topic of using pam instead of winbind on SLES 11 (just what I googled for). If you need the devel-packages from SLES 11 you can download a DVD rpm-Repository of the SLE-11-SDK from Novell: https://nu.novell.com/repo/$RCE/SLE11-SDK-Pool/
    That contains everything you need to build apache modules. There's also a mirror at: http://demeter.uni-regensburg.de/SLES11-SDK-x64/D
    Cheers,
    Birger

  2. Ian Veach says:

    Chrissy – Why do you understand why apache-devel is not in there? Because it's devel?

    FWIW, Novell's repository DOES contain most devel packages, but there's a dependency from libapr-util1-devel (needed by apache2-devel) for db-devel, and there doesn't seem to be a db-devel package. Not really sure how to solve this other than attempt to build my own db-devel rpm from source. I've looked across all SDK (and normal) pools and not found db-devel anywhere.

    • Chrissy LeMaire says:

      Ivan, yes, because it's development. SuSE Enterprise Edition only supports final packages that have been thoroughly tested. Everything else goes to OpenSUSE.

Leave a Reply

Your email address will not be published. Required fields are marked *

*