Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

apache authentication via nis



Stephen Adler wrote:
> I think the deal is to restrict http access to https or ssl. Then the 
> username password are encrypted.
> I'm wondering about the fact that the httpd needs read access to the 
> /etc/shadow file, thus opening
> a security hole. Is this a real problem?
> 

No, httpd does not need access to /etc/shadow. It just calls libpam.so, 
which already handles the system-level authentication.

At the server end, mod_auth_pam is as secure as the rest your system
authentication. The risks of using mod_auth_am are at the browser end.


-- 
John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777            F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com  W: www.zuken.com




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org