The other day I found myself needing to restrict access to a web site to only users who had logins to a system … while also allowing other users, who didn’t have logins, to access.
mod_auth_pam was the solution for the users with a login … and standard ‘htpasswd’ access was the answer for the other users … but getting the two to work together was causing problems.
A bit of Googling turned up this technique that solves the problem quite nicely.
AuthPAM_Enabled on AuthPAM_FallThrough on AuthAuthoritative Off AuthUserFile /path/to/htpassword AuthType Basic AuthName "Secure" Require valid-user
[tags]apache, authentication, htaccess[/tags]