The document root /var/www/html of all web apps is on NFS share /data on storage server in Stratos Datacenter. We have a requirement where we want to password protect a directory in the Apache web server document root. We want to password protect http://<website-url>:<apache_port>/protected URL as per the following requirements (you can use any website-url for it like localhost since there are no such specific requirements as of now):
a. We want to use basic authentication.
b. We do not want to use htpasswd file-based authentication. Instead, we want to use PAM authentication, i.e. Basic Auth + PAM, so that we can authenticate with a Linux user.
c. We already have a user mark with password BruCStnMT5 which you need to provide access to.
d. You can access the website on LBR link. To do so, click on the + button on top of your terminal, select Select port to view on Host 1, and after adding port 80 click on Display Port.
Sample Answer:
#login to an app server
ssh <user>@<app-server-Ip>
#switch to root user
sudo su
#install the mod_authnz_external and pwauth packages
yum --enablerepo=epel -y install mod_authnz_external pwauth
#create the protected directory
mkdir -p /var/www/html/protected/
#create an index.html file inside the protected directory
vi /var/www/html/protected/index.html
#add the configuration below to the authnz_external.conf file for Basic Auth + PAM authentication
vi /etc/httpd/conf.d/authnz_external.conf
# add the lines below to the end
<Directory /var/www/html/protected>
AuthType Basic
AuthName "PAM Authentication"
AuthBasicProvider external
AuthExternal pwauth
require valid-user
</Directory>
#save the file
# restart the httpd services
systemctl restart httpd
*AS PER THE QUESTION, YOU MUST DO THE ABOVE STEPS ON ALL THE APP SERVERS
#TESTING
curl -u <user>:<password> http://localhost:8080/protected/
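The curl test above only covers the successful login. As an added example (not part of the original post), this sh script also checks that requests with no credentials or a wrong password are rejected with 401 and a Basic challenge; the function names and the base URL argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that /protected/ really enforces Basic Auth + PAM.
# The base URL, user and password are supplied by the caller (assumptions).

# http_status URL [curl options...] -> prints only the HTTP status code
http_status() {
    target=$1; shift
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$@" "$target"
}

# challenge_scheme URL -> prints the scheme from the WWW-Authenticate header
challenge_scheme() {
    curl -s -o /dev/null -D - --max-time 5 "$1" |
        tr -d '\r' |
        awk 'tolower($1) == "www-authenticate:" { print $2; exit }'
}

# verify_protected BASE_URL USER PASSWORD
# Prints one line per failed check; returns 0 only if every check passes.
verify_protected() {
    base=$1; user=$2; pass=$3; rc=0
    url="$base/protected/"

    # 1. No credentials: the server must refuse with 401, not serve the page.
    code=$(http_status "$url")
    [ "$code" = 401 ] || { echo "FAIL no credentials: got $code, want 401"; rc=1; }

    # 2. The 401 must carry a Basic challenge (AuthType Basic is in effect).
    scheme=$(challenge_scheme "$url")
    [ "$scheme" = Basic ] || { echo "FAIL challenge: got '$scheme', want Basic"; rc=1; }

    # 3. A wrong password must be rejected by pwauth/PAM.
    code=$(http_status "$url" -u "$user:not-the-password")
    [ "$code" = 401 ] || { echo "FAIL wrong password: got $code, want 401"; rc=1; }

    # 4. The real Linux credentials must be accepted.
    code=$(http_status "$url" -u "$user:$pass")
    [ "$code" = 200 ] || { echo "FAIL valid login: got $code, want 200"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK $url enforces Basic auth"
    return "$rc"
}
```

Source the file on each app server and call verify_protected http://localhost:8080 <user> <password>. Basic auth only base64-encodes the Linux password, so these checks confirm access control, not confidentiality on the wire.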
*Please comment on this post if you are facing any issues in the steps, also provide your feedback in the comments :)
Note: **The question was copied for learning purposes.** The commands are correct, but the server, user name, and other details might differ in your question, so please do check.