How to access Unix passwd file from Apache when using .htaccess?

linux apache-2.2 password pam
9,626

Solution 1

mod_auth_external (http://code.google.com/p/mod-auth-external/) can be configured to auth against /etc/shadow

Solution 2

mod_auth_pam

mod_auth_pam is the standard method on most UNIX systems and apache.

Example:

Configure PAM

Here’s what the /etc/pam.d/httpd looks like (could be different on your distro)

auth required pam_unix.so
auth required pam_unix.so
account required pam_unix.so

Configure Apache

AuthPAM_Enabled on
AllowOverride None
AuthName "secure area"
AuthType "basic"

Solution 3

Is it possible---yes. However, I'm not sure that this is a really good idea from a security standpoint. I thought that there is a lot of information out there saying not to directly link the system passwd information as an authentication source.

Another possibility (with a lot of effort and planning) is to implement LDAP.

Solution 4

Here's a link to a module that works with mod_perl to do exactly what you're asking: Apache-AuthenPasswd-0.12

Share:
9,626

Related videos on Youtube

casualcoder
Author by

casualcoder

Updated on September 17, 2022

Comments

  • casualcoder
    casualcoder over 1 year

    Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.

  • David Pashley
    David Pashley almost 15 years
    How does this work without putting www-data in the shadow group?
  • David Pashley
    David Pashley almost 15 years
    Oh, it doesn't. FAIL.
  • David Pashley
    David Pashley almost 15 years
    This is made of WIN. You're running another daemon as root, but it should be simple enough to be sure there's no security problems with it.
  • casualcoder
    casualcoder over 12 years
    I would still like to know how to implement LDAP. It seems more difficult than it should be.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is it possible to change password database file(/etc/passwd) in linux?
Disable password complexity check (PAM)
CentOS PAM unable to open /etc/pam.d/system-auth
Users cannot use crontab after password security upgrade
Ubuntu password policy
Program for decrypt linux shadow file
Where are passwords stored?
SSH authentication: either SSH keys or one time password
How do I enforce a password complexity policy?
How do you set requirements (such as minimum length) on passwords?