twiki启用pam

{Htpasswd}{FileName} = ''
{PasswordManager} = none
{LoginManager} = TWiki::LoginManager::ApacheLogin

%COPYRIGHT%
%INFO_CLASSIFICATION_CONFIDENTIAL%

mod_perl is an Apache module that greatly speeds up Perl CGI applications by pre-loading the Perl interpreter and compiling Perl scripts only once - it can be used with TWiki with no code changes. It is already used by some TWiki sites on both Unix/Linux and Windows. For more background, see http://perl.apache.org/. See also ModPerlProxied for configuration with the Advanced Extranet Server. (http://www.advx.org).

---++ Install mod_perl

%CODE{lang="c"}%
   yum -y install mod_perl
%ENDCODE%

   * You can generate the twiki.conf and mod_perl_startup.pl from the website: http://twiki.org/cgi-bin/view/TWiki.ApacheConfigGenerator. Put the twiki.conf to /etc/httpd/conf.d and mod_perl_startup.pl to /var/www/html/twiki/tools.

---++ Install PAM

   * pluggable authentication for Apache
      * The PAM authentication module implements Basic authentication on top of the Pluggable Authentication Module library. Due to constraints in the "Basic" authentication scheme (RFC 2617), it only supports username/password-style authentication. Due to the architecture of Apache, it only supports modules that can run as an unprivileged (non-root) user.That said, it works quite well for standard /etc/passwd authentication and, with a little bit of work, can support NIS and SMB auth and probably others. As all these are system password databases, it should be used in conjunction with SSL/TLS.
      * Install mod_auth_pam for TWiki. You can download the "mod_auth_pam" rpm package from internnet. Then you will find /etc/httpd/conf.d/auth_pam.conf.
      * cat auth_pam.conf
%CODE{lang="c"}%
LoadModule auth_pam_module modules/mod_auth_pam.so

LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
%ENDCODE%

   * edit twiki.conf
      * Add
%CODE{lang="c"}%
AuthPAM _Enabled on

AuthPAM _FallThrough off
%ENDCODE%
Between
%CODE{lang="c"}%
<Directory "/var/www/html/twiki/bin">
%ENDCODE%
and
%CODE{lang="c"}%
AuthName
%ENDCODE%
      * Add
%CODE{lang="c++"}%
<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|rest|.*auth).*">

require valid-user

</FilesMatch>
%ENDCODE%

After

   %CODE{lang="c"}%

<'FilesMatch "^(configure)$">

!SetHandler cgi-script

Order Deny,Allow

Deny from all

Allow from rat093 192.168.21.143 127.0.0.1

Require user timwang

Satisfy Any

</FilesMatch>

   %ENDCODE%

---++ You can review the details from attached files "twiki.conf" and "mod_perl_startup.pl".