Archive for January 2009
Authentication for Apache httpd against Unix accounts
This morning I spent a little time to configure a new installation of Apache httpd to use authentication against Unix accounts. Why create a separate account database, if the users who should access content via httpd are the same that access the host via ssh? It seemed logical to use the same account database for both and that database is the shadow password system made accessible through PAM.
So I looked for the right module to use. There are two libapache2-mod-authnz-external and libapache2-mod-auth-pam. Apparently the latter is no longer under development.
With the help of this very good writeup by Jonathan Weiss I had the authentication against shadow passwords working quickly.
Just as Jonathan I don’t quite understand why the ability to authenticate against shadow password requires one to compile code and dissolve conflicts amongst modules manually. Is the wish to authenticate against shadow passwords so rare? Probably it is, as you don’t want to do that for a publicly available server out on the Internet where the web users are not the same as the system users. For internal purposes it is quite handy though. The server for which I needed this will become a build server for a small development team.
