Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.
-
Here's a link to a module that works with mod_perl to do exactly what you're asking: Apache-AuthenPasswd-0.12
From Swish -
mod_auth_external (http://code.google.com/p/mod-auth-external/) can be configured to auth against /etc/shadow
David Pashley : This is made of WIN. You're running another daemon as root, but it should be simple enough to be sure there's no security problems with it.From rodjek -
mod_auth_pam
mod_auth_pam is the standard method on most UNIX systems and apache.
Example:
Configure PAM
Here’s what the /etc/pam.d/httpd looks like (could be different on your distro)
auth required pam_unix.so auth required pam_unix.so account required pam_unix.soConfigure Apache
AuthPAM_Enabled on AllowOverride None AuthName "secure area" AuthType "basic"David Pashley : How does this work without putting www-data in the shadow group?David Pashley : Oh, it doesn't. FAIL.From Jeremy Rossi -
Is it possible---yes. However, I'm not sure that this is a really good idea from a security standpoint. I thought that there is a lot of information out there saying not to directly link the system passwd information as an authentication source.
Another possibility (with a lot of effort and planning) is to implement LDAP.
From mdpc
0 comments:
Post a Comment