Making htpasswd=user's password

Making htpasswd=user's password

Post by Ted Schundle » Sat, 11 Jul 1998 04:00:00



Is there anyway to make it so that the authentication a user needs to
access a web page is drawn for their username and password on the
server, i.e. from the system's passwd file, instead of an htpasswd
created file?
I want any user to acess a web page with their own username and
password, from the same source the system uses for when they telnet in,
or use POP to check their mail.
 
 
 

Making htpasswd=user's password

Post by Michael Fu » Sun, 12 Jul 1998 04:00:00



> Is there anyway to make it so that the authentication a user needs to
> access a web page is drawn for their username and password on the
> server, i.e. from the system's passwd file, instead of an htpasswd
> created file?
> I want any user to acess a web page with their own username and
> password, from the same source the system uses for when they telnet in,
> or use POP to check their mail.

Using system passwords for web access can be dangerous (e.g., if
somebody's sniffing connections) but if you're already allowing
cleartext passwords for telnet and POP then allowing them for HTTP
authentication probably isn't adding to the problem.  Just make sure
your users are aware of the security implications.

You don't mention what HTTP server you're using so I'll go with the
odds and assume Apache.  See the Apache Module Registry:

    http://modules.apache.org/

There are several modules for authenticating users against the system
password file.

--
Michael Fuhr
http://www.fuhr.net/~mfuhr/