# [solved] How to authenticate via htpasswd and winbind

## johnny99

I am trying to configure websvn to authenticat users from 2 different sources using pam.

My subversion repositories authenticate using mod_authnz_external+pam+samba+winbind  and auth_basic_module+hdpasswd-file.

I would like to let both groups use websvn to browse their repos.

In setting up the websvn apache config file, AuthBasicProvider will allow one argument (in my case either 'file' or 'external' but not both). Since external does send authentication to /etc/pam.d/pwauth, I wonder if pam is capable to authenticating a user given some htpasswd file?Last edited by johnny99 on Fri Feb 06, 2009 2:53 am; edited 3 times in total

----------

## johnny99

I got the authentication to work.

It turns out AuthBasicProvider can handle multiple arguments (reference: http://httpd.apache.org/docs/2.2/en/mod/mod_auth_basic.html#page-header)

but in my case, the order matters.

Arguments to AuthBasicProvider must be 'file' before 'external' (which I had reversed,  so it didn't work). 

I Include this file in my apache config:/etc/apache2/conf.d/websvn

```
<IfModule authnz_external_module>

      AddExternalAuth pwauth  /usr/sbin/pwauth

      SetExternalAuthMethod   pwauth  pipe

</IfModule>

Alias /websvn "/usr/share/webapps/websvn/2.0/htdocs"

<Directory "/usr/share/webapps/websvn/2.0/htdocs">

  Options FollowSymLinks MultiViews

  AllowOverride None

  order allow,deny

  allow from all

  <IfModule mod_php4.c>

    php_flag magic_quotes_gpc Off

    php_flag track_vars On

  </IfModule>

   AuthType Basic

   AuthName "Websvn: Subversion Repository Web Interface"

   Require valid-user

   AuthBasicProvider file external

   AuthExternal pwauth

   AuthUserFile /etc/apache2/my_htpasswd.passwd

</Directory>
```

Now /etc/pam.d/pwauth only contains:

```
#%PAM-1.0

auth    required        pam_winbind.so

account required        pam_winbind.so
```

----------

