BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

apache authentication via nis

Subject: apache authentication via nis
From: john.abreau at zuken.com (John Abreau)
Date: Thu, 17 Aug 2006 18:16:43 -0400
In-reply-to: <44E4DF7B.8020200@stephenadler.com>
References: <44E4C5B2.10508@stephenadler.com> <c8ec85e70608171249s2fa60c86vf3ddb2e8296b3a9c@mail.gmail.com> <44E4DA10.2010703@stephenadler.com> <44E4DE5F.5000907@zuken.com> <44E4DF7B.8020200@stephenadler.com>

Stephen Adler wrote:
> I think the deal is to restrict http access to https or ssl. Then the 
> username password are encrypted.
> I'm wondering about the fact that the httpd needs read access to the 
> /etc/shadow file, thus opening
> a security hole. Is this a real problem?
> 

No, httpd does not need access to /etc/shadow. It just calls libpam.so, 
which already handles the system-level authentication.

At the server end, mod_auth_pam is as secure as the rest your system
authentication. The risks of using mod_auth_am are at the browser end.

-- 
John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777            F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com  W: www.zuken.com

References:
- apache authentication via nis
  - From: adler at stephenadler.com (Stephen Adler)
- apache authentication via nis
  - From: a.medico at gmail.com (Andrew Medico)
- apache authentication via nis
  - From: adler at stephenadler.com (Stephen Adler)
- apache authentication via nis
  - From: john.abreau at zuken.com (John Abreau)
- apache authentication via nis
  - From: adler at stephenadler.com (Stephen Adler)

Prev by Date: apache authentication via nis
Next by Date: subversion
Previous by thread: apache authentication via nis
Next by thread: apache authentication via nis
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org