In order to get a Subversion source control server running via Apache HTTP server on Redhat/Fedora Linux, with no separate user authentication, I had to get the Apache server on the box to authenticate the Subversion svn URL against a Windows network. In this case that meant an NT4 Windows domain. There's a few tricks to this that took awhile to figure out. Here's an outline of the process to get Apache to protect the resource using Windows network login and passwords...
0. Install the Apache module mod_auth_pam.
1. Connect the Linux host to the Windows domain. From the menus, select: Administration -> Authentecation -> Authentecation -> Winbind
Configure winbind and and click the "join" button. Note that this required the Windows administrator's username and password.
2. Edit the system's services and enable winbindd to run on startup
Now these commands should work:
\\ % ;
wbinfo -a XYZ\\jsexton%my_password
should successfully authenticate jsexton against the NT domain XYZ.
3. Setup PAM's http configuration. Here's the use of pam_permit.so. Without this, PAM will check for a valid local account and fail. You'll find references out there to having to make /etc/shadow readable by the httpd for this reason. But using the permit option avoids this problem. This took awhile to figure out because I was using myself as a test and I do in fact have a local account. What I didn't realize was that it was not smart enough to deal with the leading Windows domain on the username. User "jsexton" existed on the linux box, but "XYZ\jsexton" did not. Not having to enter the Windows domain with the username when logging in would also solve the problem, but I don't see how to make that happen in the winbindd setup, for an NT domain.
auth sufficient pam_winbind.so debug
#account required pam_winbind.so debug
account required pam_permit.so
4. Set Apache to load PAM:
LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so
5. Protect a sample directory:
Alias /test/ "/test/"
Allow from all
AuthName "AUTH TEST"
Now loading http://localhost/test/ should ask for a name and password and authenticate against the Windows domain (note the trailing slash on the URL). Enter the Windows domain in the username with one back-slash, ie "XYZ\jsexton". Watch /var/log/messages and /var/log/httpd/error_log for information. The exact location of some of these files may vary on your system.