[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: /etc/shadow and mod_auth_pam with pam_pwdb

From: Ingo Luetkebohle <ingo devconsult de>
To: pam-list redhat com
Cc: thi <ttn gnu org>
Subject: Re: /etc/shadow and mod_auth_pam with pam_pwdb
Date: Sun, 21 Feb 1999 13:11:06 +0100 (MET)

On Sun, 21 Feb 1999, Savochkin Andrey Vladimirovich wrote:
> If I needed to set up such http configuration I'd give to the httpd a separate
> pair of passwd/shadow 
> 1. without root and other powerful accounts, and
> 2. with user passwords different from passwords for the other services.

That can be done easily by using the standard Apache mod_auth. However,
the whole point of mod_auth_pam is not to do this, but use the system
database to have a unified authentication database.

Frankly, creating a completely new authorization database for every
service can't be the solution and I'm quite fed up with this proposal.
Sure, have a password for e-mail, another one for ftp, another one for web
and still another one for login? Come on!

Enabling pwdb_chkpwd to check passwords of other users is *no worse* than
having an ftp service running as root with exactly the same capability.

--
		Ingo Luetkebohle / 21st Century Digital Boy
dev/consulting Gesellschaft fuer Netzwerkentwicklung und -beratung mbH
url: http://www.devconsult.de/ - fon: 0521-1365800 - fax: 0521-1365803

Follow-Ups:
- Re: /etc/shadow and mod_auth_pam with pam_pwdb
  - From: Savochkin Andrey Vladimirovich <saw@msu.ru>

References:
- Re: /etc/shadow and mod_auth_pam with pam_pwdb
  - From: Savochkin Andrey Vladimirovich <saw@msu.ru>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []