Is it possible to use a auth_basic password protection using linux users and passwords?
I'd like to password protect a website allowing only Linux users and their passwords stored in /etc/passwd
and /etc/shaddow
to login.
Apache and nginx allow to restrict accessung by using a HTTP auth_basic using specific user and password files. Is it possible to use /etc/passwd
and /etc/shadow
instead or keep the files in sync somehow?
Solution 1:
There are two problems with a direct approach:
the password hashes for local user accounts are stored in /etc/shadow
-
/etc/shadow
has more fields than onlylogin:hash
- the permissions on
/etc/shadow
allow only the root user to read the contents and your webserver shouldn’t be running as root
So that file can’t be used with basic authentication and the most common module https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html
What you can do:
-
use mod_authnz_pam to make Apache use the PAM authentication mechanism to authenticate users. https://github.com/adelton/mod_authnz_pam
-
or use mod-auth-external in combination with pwauth
https://serverfault.com/a/692619/546643
https://github.com/phokz/mod-auth-external