Lighttpd

This sounds like a very bad idea since it might be the same credentials needed to log into the system with a shell, if, say, ssh is externally available. Even without that, extensive logic would be needed to attempt to curtail and slow down brute force attacks. Also, this would likely require elevated privileges (root), or, better, a separate (privileged) agent, and logic would need to be added keep lighttpd non-blocking while waiting for a response. (Such is true for other database-backed auth mechanisms, too)

Future work in lighttpd 1.4.x might make it easier to write custom auth backends, but I do not see lighttpd providing a backend for /etc/passwd, though there is the possibility of a PAM-based auth.