You want to be using saslauthd and apache's mod-authn-sasl. Then you don't need to give httpd access to /etc/shadow.
You want to be using saslauthd and apache's mod-authn-sasl. Then you don't need to give httpd access to /etc/shadow.