Install and Configure Auth Shadow on Debian/Ubuntu
This method of installation and configuration works for me, using a combination of apt and building from source. Therefore, an easier method may exist. Always be sure to check the software you are installing from apt using
apt-cache showpkg pkgname
for version and dependencies. As usual, your mileage may vary and you proceed at your own risk.
You must have a working apache or apache2 installation and understand the concepts involved with restarting the server, enabling modules and the location and format of configuration files, e.g., httpd.conf or apache2.conf.
Auth Shadow or mod-auth-shadow is a module for apache (and apache2, sort of) that enables authentication against /etc/shadow. The benefits being that any system user with a password can be authenticated for web_dav, subversion or simply an https server. The only other way to do this is with PAM. That method is dangerous because the apache user (www-data in my case) must be able to read /etc/shadow. Obviously, not a good idea. Auth Shadow accomplishes this safely by using a intermediate program called validate. This works because validate can be owned by root but executable by everyone. In the event that your server is compromised through apache, your password file will not be readable.
Officially, mod-auth-shadow only exists for apache and not for apache2. I was not willing to accept this. I will demonstrate the installation on debian/ubuntu using apt for apache. For apache2, I had to find a build of the module for x86. This presents two problems. First, the newest version has not yet been built and second, the version that has been built (in an .rpm file) contains a bug in the "validate" program causing uid errors.
Download - Apache2 only
Download the rpm for your architecture from rpmfind.net - downloads.
Download the latest source code (for compiling validate) from sourceforge here.
sudo apt-get install libapache-mod-auth-shadow
In order to install a module from an .rpm, you must install alien.
sudo apt-get install alien
From here you can install the rpm by doing
sudo alien -i packagename.rpm
Compile Validate - Apache2 only
In the directory containing the source for mod-auth-shadow compile with
sudo make validate
sudo cp validate /usr/sbin
This must be done as root because the permissions are changed.
Loading the Auth Shadow Module
Apache should be handled automatically by apt-get install.
Apache2 requires us to
sudo a2enmod auth_shadow
Wherever your configurations for directory, location or virtual
hosts is, try modifying the following configuration to fit your needs.
Only the basic requirements are included in this example.
In addition, I would not recommend using AuthType Basic without
ssl because the passwords will be sent in plaintext.
AuthName "Secure Login against User Passwords"
Require user system-username
#Require user valid-user
Allow from all