Home / server / Questions / 54025
Accepted
casualcoder
Asked: 2009-08-14 16:21:47 +0800 CST

How to access Unix passwd file from Apache when using .htaccess?

  • 772

Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.

linux

4 Answers

  1. Best Answer

    mod_auth_external (http://code.google.com/p/mod-auth-external/) can be configured to auth against /etc/shadow

    • 4

  2. mod_auth_pam

    mod_auth_pam is the standard method on most UNIX systems and apache.

    Example:

    Configure PAM

    Here’s what the /etc/pam.d/httpd looks like (could be different on your distro)

    auth required pam_unix.so
auth required pam_unix.so
account required pam_unix.so

    Configure Apache

    AuthPAM_Enabled on
AllowOverride None
AuthName "secure area"
AuthType "basic"
    • 4

  3. Here's a link to a module that works with mod_perl to do exactly what you're asking: Apache-AuthenPasswd-0.12

    • 1

  4. Is it possible---yes. However, I'm not sure that this is a really good idea from a security standpoint. I thought that there is a lot of information out there saying not to directly link the system passwd information as an authentication source.

    Another possibility (with a lot of effort and planning) is to implement LDAP.

    • 1