
Installing pam_auth can be simple or complicated. There are basically three
ways to do it.

REQUIREMENTS

- php 4.2 or later
- pam capable OS

INSTALLATION METHOD 1

The first way to install it is to build it along with php as you would any
other extension.

1) copy the pam_auth tarball to the ext directory in your php source tree
2) tar xzf pam_auth-X.tar.gz to uncompress it
3) in the top level of the php source directory, run ./buildconf
4) configure php as usual, using the --with-pam_auth flag
5) there is no step 5

INSTALLATION METHOD 2 and 3

The following methods both build and use a shared module. Basically, a library
php can load rather than building it as a part of php. This is useful if you
already have php installed and don't wish to reinstall it.

The way you go about getting the shared module can be done two different ways.

METHOD 2 - Preferred

1) unpack the pam_auth tarball anywhere
2) cd pam_auth
3) phpize
4) ./configure
5) make
6) make install

done!

METHOD 3 - If method 2 fails (as it does for me on the stock redhat 8/9
installation of apache and php)

1) obtain the php source for the version of php you are running (must be the
   same version)
2) unpack it, copy the pam_auth tarball to the ext/ subdirectory and extract it
3) run ./buildconf
4) run ./configure --with-pam_auth=shared
5) make
6) cp ext/pam_auth/pam_auth.so to your php extensions directory
   (by default this is /usr/local/lib/php/extensions/no-debug-non-zts-X
   but it can be changed in your php.ini. It may also be set to something
   different with a vendor installed php, such as /usr/lib/php4 for 
   redhat. If in doubt, create a phpinfo() page and check)


ENABLING THE MODULE

Finally, you need to make the module available. You can do this either in one
of two ways.

1) insert dl("pam_auth.so") at the top of the files that need to use it
2) add extension=pam_auth.so to your php.ini file

PAM SETUP

For pam_auth to work, pam must know about the php service.

For the module itself, the only real configuration is the servicename. By
default, this is set to php. It can be changed by adding the following to your
php.ini:

pam_auth.servicename = "whatever";

You probably don't want to do this, as all this does is tell the module how to
identify itself to pam.

Next, you'll need to create a pam service file for php. If you are on linux,
you'll need to create the file /etc/pam.d/php. You can copy another one to work
off of (/etc/pam.d/login is a good choice).

On solaris, you'll need to edit /etc/pam.conf and add an entry for php.

Some examples that should work:

on linux:

# /etc/pam.d/php
#
# note: both an auth and account entry are required

auth	sufficient	/lib/security/pam_pwdb.so shadow nodelay
account	sufficient	/lib/security/pam_pwdb.so

on solaris:

# add to /etc/pam.conf

php		auth	required	/usr/lib/security/pam_unix.so.1
php		account	required	/usr/lib/security/pam_unix.so.1

These would authenticate out of the unix password and shadow file. I'd
recommend checking other entries for your systems pam configuration however, as
the libraries these entries point to may not be correct.

DONE!

See README for usage instructions.

See README for instructions on use.

