Is it possible to use a auth_basic password protection using linux users and passwords?

Question

I'd like to password protect a website allowing only Linux users and their passwords stored in /etc/passwd and /etc/shaddow to login.

Apache and nginx allow to restrict accessung by using a HTTP auth_basic using specific user and password files. Is it possible to use /etc/passwd and /etc/shadow instead or keep the files in sync somehow?

score 3 · Answer 1 · answered Dec 23 '20 at 13:14

There are two problems with a direct approach:

the password hashes for local user accounts are stored in /etc/shadow

/etc/shadow has more fields than only login:hash
the permissions on /etc/shadow allow only the root user to read the contents and your webserver shouldn’t be running as root

So that file can’t be used with basic authentication and the most common module https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html

What you can do:

use mod_authnz_pam to make Apache use the PAM authentication mechanism to authenticate users. https://github.com/adelton/mod_authnz_pam
or use mod-auth-external in combination with pwauth

https://serverfault.com/a/692619/546643

https://github.com/phokz/mod-auth-external

Oh great! I wasn't very clear in my question, I'd prefer a solution which works with nginx too. This one probably doesn't, but I'll have a look if there is something similar for nginx. — lumbric, Dec 24 '20 at 09:56

Is it possible to use a auth_basic password protection using linux users and passwords?

1 Answers1