Authenticate in Apache via System Account

I currently have my apache server to authenticate via a password file created from htpasswd. Configured as such:

AuthType Basic
AuthName "Secured Site"
AuthUserFile "/etc/apache2/users.passwd"

How can I change this to authenticate via local system accounts and additionaly restrict to only a subset of local system accounts in a specified group?

Solution 1:

As suggested by David Z, you can use mod-authnz-external. Use it with pwauth for example.

If you are running Debian or a derivative:

apt-get install libapache2-mod-authnz-external pwauth
a2enmod authnz_external

In your configuration, add

<IfModule mod_authnz_external.c>
  AddExternalAuth pwauth /usr/sbin/pwauth
  SetExternalAuthMethod pwauth pipe
</IfModule>

And in the Directory section or your .htaccess file:

    AuthType Basic
    AuthName "Login"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
    # or
    # Require user jules jim ...

Finally reload the configuration with apache2ctl restart or service apache2 reload.

See also this documentation.

Solution 2:

You probably want to look into something like mod_auth_pam. PAM is the "Pluggable Authentication Module" system and the standard Linux (I'm assuming this is Linux) system login mechanism relies on PAM to do its authentication.

Another option is mod_authnz_external, which will look directly at the /etc/shadow file to authenticate accounts.

EDIT: Apparently mod_auth_pam is no longer maintained (unfortunately), so maybe mod_authnz_external would be a better bet...