Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

apache authentication via nis



I think the deal is to restrict http access to https or ssl. Then the 
username password are encrypted.
I'm wondering about the fact that the httpd needs read access to the 
/etc/shadow file, thus opening
a security hole. Is this a real problem?

John Abreau wrote:
> Stephen Adler wrote:
>> Thanks Andrew, from what I can tell mod_auth_pam is not an official 
>> apache module,
>> but a 3rd party one. am I correct about that? There also seems to be 
>> an perl one out there
>> as well. I'm wondering how secure these 3rd party modules are...
>>
>
> mod_auth_pam uses the same authentication as your shell account. That 
> means when you use it in an unencrypted HTTP session, you're sending
> your password in clear text.
>
> If you limit use of mod_auth_pam to SSL-encrypted sessions, you
> eliminate this problem.
>
>





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org