Add support for /etc/passwd in auth
Add an auth backend that uses the system authentication (e.g. /etc/passwd).
Updated by gstrauss almost 7 years ago
- Description updated (diff)
- Category changed from core to mod_auth
- Status changed from New to Wontfix
- Assignee deleted (
This sounds like a very bad idea since it might be the same credentials needed to log into the system with a shell, if, say, ssh is externally available. Even without that, extensive logic would be needed to attempt to curtail and slow down brute force attacks. Also, this would likely require elevated privileges (root), or, better, a separate (privileged) agent, and logic would need to be added keep lighttpd non-blocking while waiting for a response. (Such is true for other database-backed auth mechanisms, too)
Future work in lighttpd 1.4.x might make it easier to write custom auth backends, but I do not see lighttpd providing a backend for /etc/passwd, though there is the possibility of a PAM-based auth.
Also available in: Atom