Re: /etc/shadow and mod_auth_pam with pam_pwdb

On Sun, 21 Feb 1999, Savochkin Andrey Vladimirovich wrote:
> If I needed to set up such an http configuration I'd give the httpd a separate
> pair of passwd/shadow
> 1. without root and other powerful accounts, and
> 2. with user passwords different from passwords for the other services.

That can be done easily by using the standard Apache mod_auth. However,
the whole point of mod_auth_pam is not to do this, but use the system
database to have a unified authentication database.

Frankly, creating a completely new authorization database for every
service can't be the solution and I'm quite fed up with this proposal.
Sure, have a password for e-mail, another one for ftp, another one for web
and still another one for login? Come on!

Enabling pwdb_chkpwd to check passwords of other users is *no worse* than
having an ftp service running as root with exactly the same capability.

		Ingo Luetkebohle / 21st Century Digital Boy
dev/consulting Gesellschaft fuer Netzwerkentwicklung und -beratung mbH
url: http://www.devconsult.de/ - fon: 0521-1365800 - fax: 0521-1365803 

