How to access Unix passwd file from Apache when using .htaccess?
Solution 1
mod_auth_external (http://code.google.com/p/mod-auth-external/) can be configured to auth against /etc/shadow
Solution 2
mod_auth_pam
mod_auth_pam is the standard method on most UNIX systems and apache.
Example:
Configure PAM
Here’s what the /etc/pam.d/httpd looks like (could be different on your distro)
auth required pam_unix.so
auth required pam_unix.so
account required pam_unix.so
Configure Apache
AuthPAM_Enabled on
AllowOverride None
AuthName "secure area"
AuthType "basic"
Solution 3
Is it possible---yes. However, I'm not sure that this is a really good idea from a security standpoint. I thought that there is a lot of information out there saying not to directly link the system passwd information as an authentication source.
Another possibility (with a lot of effort and planning) is to implement LDAP.
Solution 4
Here's a link to a module that works with mod_perl to do exactly what you're asking: Apache-AuthenPasswd-0.12
Related videos on Youtube
casualcoder
Updated on September 17, 2022Comments
-
casualcoder over 1 year
Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.
-
David Pashley almost 15 yearsHow does this work without putting www-data in the shadow group?
-
David Pashley almost 15 yearsOh, it doesn't. FAIL.
-
David Pashley almost 15 yearsThis is made of WIN. You're running another daemon as root, but it should be simple enough to be sure there's no security problems with it.
-
casualcoder over 12 yearsI would still like to know how to implement LDAP. It seems more difficult than it should be.