On Sun, 2005-09-11 at 23:50, Tim wrote: > On Thu, 2005-09-08 at 11:55 -0400, Rodolfo Alcázar wrote: > > I want to authenticate apache users with the system > > userfiles (/etc/passwd and shadow). I read I can do that with > > mod_auth_pam, but I cant find RPM or apache modules, neither clear > > procedures in google. Where can I find it or what other solution is > > recommendable? > > I was under the idea that was a *very* bad idea. Generally, HTTP > authentication information is sent unencrypted. You really don't want > user log-on credentials sent where someone can snoop on them. > > However, the same problem exists with fetching your mail. If you don't want http authentication in the clear, use https. Everything else is the same. Likewise for the ssl versions of pop/imap/smtp. It is still sort-of a bad idea to make the /etc/shadow file readable by the apache group which you have to do for mod_auth_pam. -- Les Mikesell lesmikesell@xxxxxxxxx
