Using system accounts for HTTP authentication

From ZS64
Jump to: navigation, search

Password-protecting a website with yet another set of users and passwords can be annoying. If all users of the website already have a shell account on the web server, you can configure Apache to use the system account database for authentication. Note that in HTTP authentication, the password is transmitted unencrypted, so you probably want to enable this only on virtual hosts that are accessible over HTTPS only.

Prerequisite Ports

The following ports need to be installed:

  • www/mod_auth_external2
  • security/pwauth

httpd.conf

Edit httpd.conf to add these lines to the general configuration:

LoadModule              auth_external_module    libexec/apache2/mod_auth_external.so

(Should have been added by installing the port already.)

Add these lines to each virtual host where you'd like to use system accounts for authentication:

AddExternalAuth         pwauth  /usr/local/bin/pwauth
SetExternalAuthMethod   pwauth  pipe

Add these lines to each Directory or Location section that you want protected by authentication:

AuthType        Basic
AuthExternal    pwauth
require         valid-user