Skip to content

Mixing Apache Authentication

Mixing PAM

Linux

How to mix PAM authentication (mod_auth_pam) and text file authentication (mod_auth) with Apache. First install this package:

1
apt-get install libapache2-mod-auth-pam

Then configure your htaccess:

1
2
3
4
5
6
7
AuthPAM_Enabled on
AuthPAM_FallThrough on
AuthAuthoritative Off
AuthUserFile /etc/apache2/htpassword
AuthType Basic
AuthName "Restricted Access"
Require valid-user

If mod_auth_pam doesn't find a valid user, it falls back to mod_auth authentication automatically.

Here is another example with webdav:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
    Alias /webdav /var/www/ngs
    <Location /webdav>
        DAV On
        AuthPAM_Enabled on
        AuthBasicAuthoritative Off 
        AuthPAM_FallThrough off 
        AuthUserFile /dev/null
        AuthType Basic
        AuthName "Webdav Authentication"
        Require group ngs 
    </Location>

OpenBSD

On OpenBSD, I had to install mod_auth_bsd:

1
pkg_add -iv mod_auth_bsd

Then, enable the module for Apache:

1
/usr/local/sbin/mod_auth_bsd-enable

Then restart Apache this way:

1
2
apachectl stop
apachectl start

Then in the Apache configuration /var/www/conf/http.conf, add this:

1
2
3
4
5
6
7
8
9
AuthBSDGroup auth

<Directory /var/www/htdocs/private>
   SSLRequireSSL
   AuthType Basic
   AuthName "ACME Login"
   AuthBSD On
   Require valid-user
</Directory>

Restriction by IP address

Imagine using Jinzora. You don't want all your music to be accessible on the web. Simply add this to your VirtualHost configuration:

1
vi /etc/apache2/sites-enabled/000-default@

1
2
3
4
5
<Location /jinzora>
        Order deny,allow
        Deny from all
        Allow from 192.168.0.0/24
</Location>

This will allow all the 192.168.0.0 subnet to access your website. Then reload Apache:

1
/etc/init.d/apache2 reload

Restriction by htaccess

This documentation is on how to protect a directory by htaccess (login + password).

Insert these lines and adapt to your configuration (/etc/apache2/sites-enabled/000-default):

1
2
3
4
5
        <Directory /var/www/myhtaccess>
                AllowOverride AuthConfig
                Order allow,deny
                allow from all
        </Directory>

Then create a file .htaccess in /var/www/myhtaccess and put this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
AuthType Basic
AuthName "Acces Prive"
AuthGroupFile /dev/null
AuthUserFile /etc/apache2/htaccesspassword

<Limit GET POST>
        Require valid-user
</Limit>

php_value magic_quotes_runtime 1
php_value magic_quotes_gpc 1

Then create your access file with the user (/etc/apache2/htaccesspassword):

1
htpasswd -c /etc/apache2/htaccesspassword username

For the next time, to add users, just remove "-c" like this:

1
htpasswd /etc/apache2/htaccesspassword username

Don't forget to restart Apache.

For a good documentation, follow this: Documentation on Htaccess

Authentication by Countries

Deny Or Allow Countries With Apache htaccess

Authentication through Radius

Here is how to authenticate through a radius server:

Radius Authentication
How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu