mod_auth_shadow - An Apache module for authentication using /etc/shadow.
by Brian Duggan <bduggan@matatu.org>
This software may be distributed under the terms of the GNU General Public License (GPL).
- Contents
- README - this file INSTALL - installation instructions CHANGES - release notes makefile - the makefile mod_auth_shadow.c - source for the module validate.c - source for validate validate.h - configurable #define's for validate.c testvalidate.c - A program to test validate. mod_auth_shadow.spec - an rpm spec file
- Description
mod_auth_shadow is an Apache module for authenticating users via an /etc/shadow file.
When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody".
mod_auth_shadow addresses this difficulty by opening a pipe to an suid root program, validate, which does the actual validation. When there is a failure, validate writes an error message to the system log, and waits three seconds before exiting.
Adapted for Apache 2 by Bernard du Breuil <bernard.l.dubreuil@erdc.usace.army.mil>.
Thanks to Jeff Moore <jbm@oven.com> and Bennett Todd <bet@rahul.net> for helping tackle this problem.
Thanks to Otto Wehrheim for help with the require group directive.
Thanks to Marcin Owsiany for several bug fixes.