Project

General

Profile

Actions

Feature #1692

closed

Add support for /etc/passwd in auth

Added by trajano almost 15 years ago. Updated almost 7 years ago.

Status:
Wontfix
Priority:
Normal
Category:
mod_auth
Target version:
ASK QUESTIONS IN Forums:

Description

Add an auth backend that uses the system authentication (e.g. /etc/passwd).

Actions #1

Updated by gstrauss almost 7 years ago

  • Description updated (diff)
  • Category changed from core to mod_auth
  • Status changed from New to Wontfix
  • Assignee deleted (jan)

This sounds like a very bad idea since it might be the same credentials needed to log into the system with a shell, if, say, ssh is externally available. Even without that, extensive logic would be needed to attempt to curtail and slow down brute force attacks. Also, this would likely require elevated privileges (root), or, better, a separate (privileged) agent, and logic would need to be added keep lighttpd non-blocking while waiting for a response. (Such is true for other database-backed auth mechanisms, too)

Future work in lighttpd 1.4.x might make it easier to write custom auth backends, but I do not see lighttpd providing a backend for /etc/passwd, though there is the possibility of a PAM-based auth.

Actions

Also available in: Atom