[Libwebsockets] PAM authentication for http sessions
andy at warmcat.com
Tue Sep 4 07:41:31 CEST 2018
On 09/04/2018 01:25 PM, Necktwi Ozfguah wrote:
>> On 04-Sep-2018, at 9:19 AM, Necktwi Ozfguah <necktwi at ferryfair.com
>> AFAIK I don't have any use for PAM + lws.
>> What would you actually use it for?
> I am running a hobby web server. I want my web users to use the linux
> login credentials. Of course lws and PAM are independent. Thank you.
It's probably not a good idea to do that... unless perhaps they're
logging into a server that is running on the same box, like cups does it.
If you're running TLS / SSL, then Basic Auth is pretty easy to use.
You maintain a text file in a dir that isn't served anywhere over http.
It contains credentials one per line in the format
Then you just point .basic_auth_login_file on the the mount you want to
be protected to the filepath on the server with the credentials
See the related minimal example
However you really shouldn't put the PAM credentials in the basic auth
file... it's too easy for some user who gets their browser to remember
their login for your site to leak a perfectly usable PAM login then...
More information about the Libwebsockets