[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: further modifications to mod_auth_pam.c



On Tue, 6 May 1997, Ingo Luetkebohle wrote:

> On Tue, 6 May 1997, Chris Dent wrote:
> > I have further modified the mod_auth_pam.c for Apache created by Ingo
> > Luetkebohle and modified by Michael Johnson.
> 
> Look at <http://blank.pages.de/pam/> It contains an advanced version of
> mod_auth_pam. Now at v0.4, it has libpwdb based group support and
> configurable fall-through to other authentication modules.

I wish I had known about this before I did my grubbing around :) No
matter, I learned a lot in the process.

> That way, it has all the changes you did, save the configurable service
> name. I do *not* consider a configurable service name a good thing. It
> opens up way too much security risks.

I wonder if it might not be valuable to add some sort of
#ifdef NAMEHACK sort of thing to your source to allow the use of
something like AuthPamName in the htaccess file. As a default I can
see why it shouldn't be allowed but it is a valuable function if you
want to have one section of the server be authenticated with shadow,
another with kerberos, another with radius, another with a listfile
that also acts as a listfile for some other server, etc. etc. and you
don't have users on the machine.

..........................
Chris Dent........SysAdmin
...........Kiva Networking



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []