# .htaccess Authentication using Unix users/groups?



## TommyWillB (Nov 2, 2003)

Is there a way to get Apache's .htaccess authtentication us use the Mac's existing users/groups for Authentication?

I'd rather just manage users/groups using the Mac GUI rather than the .htaccess command line.


----------



## slur (Nov 8, 2003)

Apache's .htaccess functionality comes from an Apache module named mod_auth.

Linux systems typically use PAM, which stands for Pluggable Authentication Module. On these systems you'd need a module that hooks into PAM. In fact there is a mod_auth_pam module.

In order to get Apache to do system-level authentication on Mac OS X you need a module that hooks into Mac OS X's own authentication system, NetInfo. The closest thing to this is mod_auth_ldap, which I believe is supported by Mac OS X Server.

This guy claims to have gotten this kind of authentication to work just by setting the options he describes. He's using Mac OS X Server and not the client version, and there are apparently significant differences. In any case I'm unable to reproduce his results on Panther Client. It may be enough just to use Workgroup Manager to create users in NetInfo, but I don't think it's supported on Mac OS X Client.

This post on SlashDot seems to bolster my assumptions and implies that one can compile and use mod_auth_ldap to tie into NetInfo.

However, to complicate matters, Apache 1.3.x lacks support for the LDAP modules. Apparently they can only be used with Apache 2.0.x.

Of course, with this kind of authentication you should only use it on a private network or if it's a public site, then through SSL (e.g., an HTTPS area that disallows non-HTTPS requests) to keep passwords (and all data) from being sent in the clear. It's bad enough to leak your HTTP passwords. Under this scheme you'd be potentially exposing system user passwords.

Good luck!


----------



## TommyWillB (Nov 8, 2003)

Thanks slur!

For the moment this basically tell's that I shouldn't bothere trying this now.


----------

