Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

apache authentication via nis



Stephen Adler wrote:
> ...from what I can tell mod_auth_pam is not an official apache
> module, but a 3rd party one.
> I'm wondering how secure these 3rd party modules are...
...
> I think the deal is to restrict http access to https or ssl. Then the 
> username password are encrypted.

It should be noted that one of the reasons why it generally isn't 
recommended to use something like mod_auth_pam authentication, even with 
SSL, is that unlike sshd and other shell login mechanisms, there is no 
limit on the speed or quantity of login attempts (unless they've fixed 
this in recent years), which can leave your machine vulnerable to brute 
force attacks, or even with strong passwords, the denial-of-service side 
effects of such attacks.

If access to the web server isn't inherently limited to a LAN, you 
should consider limiting access (via Apache or a software or hardware 
firewall) to a specific network or set of IPs.

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org