mod_auth_pam
Les Mikesell
lesmikesell at gmail.com
Mon Sep 12 05:14:31 UTC 2005
On Sun, 2005-09-11 at 23:50, Tim wrote:
> On Thu, 2005-09-08 at 11:55 -0400, Rodolfo Alcázar wrote:
> > I want to authenticate apache users with the system
> > userfiles (/etc/passwd and shadow). I read I can do that with
> > mod_auth_pam, but I cant find RPM or apache modules, neither clear
> > procedures in google. Where can I find it or what other solution is
> > recommendable?
>
> I was under the idea that was a *very* bad idea. Generally, HTTP
> authentication information is sent unencrypted. You really don't want
> user log-on credentials sent where someone can snoop on them.
>
> However, the same problem exists with fetching your mail.
If you don't want http authentication in the clear, use https.
Everything else is the same. Likewise for the ssl versions of
pop/imap/smtp. It is still sort-of a bad idea to make the
/etc/shadow file readable by the apache group which you have
to do for mod_auth_pam.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list