[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mod_auth_pam



On Sun, 2005-09-11 at 23:50, Tim wrote:
> On Thu, 2005-09-08 at 11:55 -0400, Rodolfo Alcázar wrote:
> > I want to authenticate apache users with the system
> > userfiles (/etc/passwd and shadow). I read I can do that with
> > mod_auth_pam, but I cant find RPM or apache modules, neither clear
> > procedures in google. Where can I find it or what other solution is
> > recommendable?
> 
> I was under the idea that was a *very* bad idea.  Generally, HTTP
> authentication information is sent unencrypted.  You really don't want
> user log-on credentials sent where someone can snoop on them.
> 
> However, the same problem exists with fetching your mail.

If you don't want http authentication in the clear, use https. 
Everything else is the same.  Likewise for the ssl versions of
pop/imap/smtp.  It is still sort-of a bad idea to make the
/etc/shadow file readable by the apache group which you have
to do for mod_auth_pam.

-- 
  Les Mikesell
   lesmikesell gmail com



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]