#
# rpm spec for mod_auth_pam-2.0
#
# ======================================================================

Summary: Basic authentication on top of PAM
Name: mod_auth_pam-2.0
Version: 1.1.1
Release: 1%{?_distver:.%{_distver}}
License: Apache Software License
Group: System Environment/Daemons
Packager: Paul Heinlein <heinlein@madboa.com>
URL: http://pam.sourceforge.net/mod_auth_pam/
Source: http://pam.sourceforge.net/mod_auth_pam/dist/mod_auth_pam-2.0-1.1.1.tar.gz
BuildPrereq: httpd-devel > 2.0.0
Requires: httpd > 2.0.0
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
The PAM authentication module implements Basic authentication on top of
the Pluggable Authentication Module library. Thereby it supports standard
Unix passwd, shadow, NIS, SMB auth and RADIUS authentication transparently
and easily interchangeable, wherever the HTTP protocol allows it.


%prep
%setup -q -n mod_auth_pam


%build
make


%install
/bin/rm -rf %{buildroot}

# apache modules
install -d %{buildroot}%{_libdir}/httpd/modules
install .libs/*.so %{buildroot}%{_libdir}/httpd/modules

# pam config
install -d %{buildroot}%{_sysconfdir}/pam.d
cat <<__eof__ > %{buildroot}%{_sysconfdir}/pam.d/httpd
#%PAM-1.0
auth      required    pam_stack.so service=system-auth
account   required    pam_stack.so service=system-auth
__eof__

# apache configuration
install -d %{buildroot}%{_sysconfdir}/httpd/conf.d
cat <<__eof__ > %{buildroot}%{_sysconfdir}/httpd/conf.d/mod_auth_pam.conf
LoadModule  auth_pam_module  modules/mod_auth_pam.so
LoadModule  auth_sys_group_module  modules/mod_auth_sys_group.so
__eof__

# help with SELinux
cat <<__eof__ >README.selinux
You may have trouble getting mod_auth_pam to work and play well with
Security Enhanced Linux (SELinux). It took me only a little effort to
get things to work using the Red Hat "targeted" policy. (I have no
experience with the "strict" policy, though presumably it would work in
a similar fashion.)

1. Make sure you have the policy sources.

   yum install selinux-policy-targeted-sources

2. Create a local policy file.

   cd /etc/selinux/targeted/src/policy
   vi domains/misc/local.te

3. Add some permissions to the local policy:

   allow httpd_t selinux_config_t:dir search;
   allow httpd_t selinux_config_t:file { getattr read };
   allow httpd_t shadow_t:file { getattr read };

4. Save the policy file. Compile and reload your policy.

   make reload

--Paul Heinlein
__eof__


%clean
/bin/rm -rf %{buildroot}


%files
%defattr(-,root,root)
%doc INSTALL README* doc/*.html
%config %attr(0644,root,root) %{_sysconfdir}/httpd/conf.d/mod_auth_pam.conf
%config %attr(0644,root,root) %{_sysconfdir}/pam.d/httpd
%{_libdir}/httpd/modules/*.so


%changelog
* Tue Aug  9 2005 Paul Heinlein <heinlein@madboa.com> 1.1.1-1
- initial release

###
### eof
###