Is it possible to use a auth_basic password protection using linux users and passwords?

authentication nginx http-basic-authentication

I'd like to password protect a website allowing only Linux users and their passwords stored in /etc/passwd and /etc/shaddow to login.

Apache and nginx allow to restrict accessung by using a HTTP auth_basic using specific user and password files. Is it possible to use /etc/passwd and /etc/shadow instead or keep the files in sync somehow?


Solution 1:

There are two problems with a direct approach:

the password hashes for local user accounts are stored in /etc/shadow

  • /etc/shadow has more fields than only login:hash
  • the permissions on /etc/shadow allow only the root user to read the contents and your webserver shouldn’t be running as root

So that file can’t be used with basic authentication and the most common module https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html

What you can do:

  • use mod_authnz_pam to make Apache use the PAM authentication mechanism to authenticate users. https://github.com/adelton/mod_authnz_pam

  • or use mod-auth-external in combination with pwauth

https://serverfault.com/a/692619/546643

https://github.com/phokz/mod-auth-external

Related

Is it possible to install Windows 10 on a ubuntu VPS using SSH?
SSL Errors on iOS
Server Reached MaxRequestWorkers Setting
how does isc-dhcp-server start on debian 10 with systemd
nginx detecting dead clients
Block all outgoing ssh traffic
Docker change existing stack to start with user namespace but keep images, volumes and containers
How to generate CSR for multi-domain (UCC) purchased SSL certificate?
How to use literal "." in Apache VirtualDocumentRoot
Can't access SSH after run iptables -P OUTPUT DROP
How to allow an SCP client to change file mod time without being the owner
Why is Apache trying to kill a process on startup and why would that cause a failure for Apache to start?