Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.
Asked
Active
Viewed 9,798 times
4 Answers
4
mod_auth_external (http://code.google.com/p/mod-auth-external/) can be configured to auth against /etc/shadow
rodjek
- 3,327
- 17
- 14
-
This is made of WIN. You're running another daemon as root, but it should be simple enough to be sure there's no security problems with it. – David Pashley Aug 14 '09 at 05:53
4
mod_auth_pam
mod_auth_pam is the standard method on most UNIX systems and apache.
Example:
Configure PAM
Here’s what the /etc/pam.d/httpd looks like (could be different on your distro)
auth required pam_unix.so
auth required pam_unix.so
account required pam_unix.so
Configure Apache
AuthPAM_Enabled on
AllowOverride None
AuthName "secure area"
AuthType "basic"
Jeremy Rossi
- 742
- 3
- 4
-
How does this work without putting www-data in the shadow group? – David Pashley Aug 14 '09 at 05:50
-
1
1
Here's a link to a module that works with mod_perl to do exactly what you're asking: Apache-AuthenPasswd-0.12
Robert Swisher
- 1,147
- 7
- 14
1
Is it possible---yes. However, I'm not sure that this is a really good idea from a security standpoint. I thought that there is a lot of information out there saying not to directly link the system passwd information as an authentication source.
Another possibility (with a lot of effort and planning) is to implement LDAP.
mdpc
- 11,856
- 28
- 53
- 67
-
I would still like to know how to implement LDAP. It seems more difficult than it should be. – casualcoder Feb 18 '12 at 23:26