[Libwebsockets] PAM authentication for http sessions

Andy Green andy at warmcat.com
Tue Sep 4 07:41:31 CEST 2018

On 09/04/2018 01:25 PM, Necktwi Ozfguah wrote:
>> On 04-Sep-2018, at 9:19 AM, Necktwi Ozfguah <necktwi at ferryfair.com 

>>     AFAIK I don't have any use for PAM + lws.
>>     What would you actually use it for?

> I am running a hobby web server. I want my web users to use the linux 
> login credentials. Of course lws and PAM are independent. Thank you.

It's probably not a good idea to do that... unless perhaps they're 
logging into a server that is running on the same box, like cups does it.

If you're running TLS / SSL, then Basic Auth is pretty easy to use.

You maintain a text file in a dir that isn't served anywhere over http. 
It contains credentials one per line in the format


Then you just point .basic_auth_login_file on the the mount you want to 
be protected to the filepath on the server with the credentials

See the related minimal example


However you really shouldn't put the PAM credentials in the basic auth 
file... it's too easy for some user who gets their browser to remember 
their login for your site to leak a perfectly usable PAM login then...


More information about the Libwebsockets mailing list