Stephen Adler wrote:
> I think the deal is to restrict http access to https or ssl. Then the
> username password are encrypted.
> I'm wondering about the fact that the httpd needs read access to the
> /etc/shadow file, thus opening
> a security hole. Is this a real problem?
>

No, httpd does not need access to /etc/shadow. It just calls libpam.so, which already handles the system-level authentication. At the server end, mod_auth_pam is as secure as the rest of your system authentication. The risks of using mod_auth_pam are at the browser end.

--
John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777
F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com
W: www.zuken.com