Skip to content
Micah Andersen edited this page Dec 1, 2017 · 1 revision

Mod_auth_external is, of course, useless unless it has an external authenticator to run. There are some examples of authenticators included in the distribution, and several useful ones are available separately.

Example External Authenticators in Distribution

test
Several small dummy external authentication programs written in Perl. These are meant only for testing of mod_auth*_external. They accept any user whose password exactly matches his login name. They write lots of debugging info to the error_log file.

Author and Maintainer: Jan Wolter
auth-mysql
A external authenticator for authenticating out of a MySQL database. Written in Perl using the DBI/DBD library, so it is easily adapted to any other SQL server. (These days, using Apache's mod_authn_dbd is probably a better choice for most appications.)

Author and Maintainer: Anders Nordby

Example Internal Authenticators in Distribution

radius
A Radius client using code from the publicly available Merit Radius source code. Unmaintained.

Author: Tyler Allison (allison@nas.nasa.gov)

sybase
A function that queries a sybase database and compares the passwords for said user.
Unmaintained.

Author: br@ota.fr.socgen.com

Authentication Modules Available Separately

Mod_auth*_external can be used either with authenticators specifically written for it or with checkpassword authenticators. This is not a complete list of checkpassword authenticators, but I'll include a few here.

pwauth
A setuid-root external authentication program for securely authenticating out of most flavors of Unix shadow password files, or via PAM. Combined with 'pam_smb', this supports NT-style SMB authentication. Supports some Unix lastlog and faillog options.

Available From: http://code.google.com/p/pwauth/

Author and Maintainer: Jan Wolter

vcheck
An external authenticator by Anders Brander for use against a vpopmail user database.

Available From: http://anders.brander.dk/stuff/workings/vcheck/

Author and Maintainer: Anders Brander

checkpassword
The original checkpassword program authenticates from the Unix system password file, like pwauth.

Available From: http://cr.yp.to/checkpwd/install.html

Author: D. J. Bernstein

checkpassword-pam
Another way to authenticate via PAM.

Available From: http://checkpasswd-pam.sourceforge.net/

Author: Alexey Mahotkin alexm@hsys.msk.ru

checkpassword-ldap
An LDAP authenticator.

Available From: http://freshmeat.net/projects/checkpassword-ldap/
checkpasswd-imap
An IMAP authenticator written in Python that caches credentials for better performance and so you don't overrun server rate limits.

Available From: http://www.namazustudios.com/blog/checkpasswd-imap-a-mod_authnz_external-style-password-checker/

Author: Patrick Twohig

radcheckpassword
Checking against external Radius server(s).

Available From: http://free.acrconsulting.co.uk/email/radcpw.html

Author: Andrew Richards