Home / server / Questions / 10100
Accepted
devin
Asked: 2009-05-20 12:43:44 +0800 CST

Force Login for a webpage

  • 772

How do I force someone to login for a webpage?

Specifically, I have a linux server, where everyone has a login to that server. Can I make users login to the webpage with that login info?

If I can't use that apporach, what are my other options?

password web-server

4 Answers

  1. Assuming you are using apache, then you could use the mod_auth_pam module to use the local system for authentication.

    At least on Debian/Ubuntu you would need to add the www-data to the shadow group (/usr/sbin/adduser www-data shadow).

    You would also need to add a section to your apache configuration like this.

    <Location />
    # libapache2-mod-auth-pam is required
    AuthBasicAuthoritative Off
    AuthPAM_Enabled on
    AuthUserFile /dev/null
    AuthType Basic
    AuthName "PAM"
    Require valid-user
    Order Deny,Allow
    Deny from all
    Satisfy Any
</Location>

    You should also strongly consider setting up SSL so your system passwords will not be stolen by someone with a sniffer.

    • 6
  2. Best Answer

    Assuming you're running Apache, you may want to use an htaccess file. Apache also has built in access controls that you can use.

    • 5

  3. If you want to build it into your website, you can build in session management and protect the content that you want.

    If you want to give them file access, you may want to look at samba instead.

    Just to be sure, are you trying to get people to login to the server and access the server's resources (file shares, etc) by only logging into a webpage and not into the server it self?

    Good luck

    • 1

  4. If you want people to be able to login using their server login credentials then take a look at http://code.google.com/p/mod-auth-external/

    As other people have mentioned there is also mod_auth_pam but that isn't developed any more but might work for you. As ever YMMV :)

    • 1