Can apache use /etc/passwd (or /etc/shadow) as a password file?

[liquidsam]

Linux: Suse 10
Apache: 2.0.58

I'm trying to use username/password combos from unix as valid username/password combos inside of Apache. Suse uses a shadow file for passwords located at /etc/shadow, so inside my httpd.conf I put:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/shadow

I've gotten Apache to accept username/password combos from a password file created by htpasswd as the Apache docs tell you to do, but I really need every user on the system to have access. Anyone know how to do this or if it's even possible?

-Sam

 

[mbrooks]

No. Only root can read the /etc/shadow and you should be running Apache as it's own user anyway.
Stick with the .htaccess method.

M. Brooks

http://mbrooks.info

 

[feherke]

Hi

Only root can read the /etc/shadow

Not that simple. You can change your password using [tt]passwd[/tt] without being root.

Feherke.

http://rootshell.be/~feherke/

 

[mbrooks]

You can change your password using passwd without being root.

Writing are reading are two totally different things.

M. Brooks

http://mbrooks.info

 

[feherke]

Hi

I only gave an example for why is not so simple. I do not confound read and write permissions and do not intend to discuss this here.

To answer Sam's question :
[ul]
[li]You could authenticate through LDAP : System Authentication using LDAP[/li]
[li]You could handle the authentication through Perl : Apache2::Access[/li]
[/ul]

Feherke.

http://rootshell.be/~feherke/

 

[liquidsam]

Considering the greatest security risk most of us have ever taken is putting our computers on the internet, I am not too worried about the security aspect of this endeavor of mine. If you don't know the answer, then please don't chime in with off-topic concerns.

What I need to be able to do is have users login to a website (hosted by apache software) using their unix account login. I'm sure there's a way to do it without running apache as root, /etc/shadow was just the first idea I had, if I knew the answer I obviously wouldn't be posting here.

-Sam

 

[feherke]

Hi

If you don't know the answer, then please don't chime in with off-topic concerns.

Which answer you consider off-topic, M. Brooks's or my ? We both gave our best to answer your question. If you do not like the answers, please red flag them and next time mention in you question that you only accept answers from the greatest experts. So we could waste our time on someone else question, who at least will not criticize us.

Feherke.

http://rootshell.be/~feherke/

 

[mbrooks]

So we could waste our time on someone else question, who at least will not criticize us.

So true.

M. Brooks

http://mbrooks.info

 

[lgarner]

Quite true. Especially since both responders provided information that could, with a bit of effort by the questioner, provide insight on how to make this work.

Only root can read & write /etc/shadow as it's chmod 400. Not worried about security? Then change that.

The passwd program works for all users because it's suid root. Again, try that approach rather than dismiss a couple of valid answers.

Personally, I'd first try looking into PAM.