
Re: /etc/shadow and mod_auth_pam with pam_pwdb



On Sun, Feb 21, 1999 at 01:11:06PM +0100, Ingo Luetkebohle wrote:
> On Sun, 21 Feb 1999, Savochkin Andrey Vladimirovich wrote:
> > If I needed to set up such http configuration I'd give the httpd a separate
> > pair of passwd/shadow
> > 1. without root and other powerful accounts, and
> > 2. with user passwords different from passwords for the other services.
> 
> That can be done easily by using the standard Apache mod_auth. However,
> the whole point of mod_auth_pam is not to do this, but use the system
> database to have a unified authentication database.
> 
> Frankly, creating a completely new authorization database for every
> service can't be the solution and I'm quite fed up with this proposal.
> Sure, have a password for e-mail, another one for ftp, another one for web
> and still another one for login? Come on!

If you have the same passwords for different services, you must ensure that
all the services are equally hard to spy on and crack.  If you use
POP3, FTP and other protocols without measures to protect their confidentiality,
you certainly can have the same password for those services.  On the other hand,
passwords for login or ssh are protected against compromise.  So it would be
unwise to use the same passwords for web.

> 
> Enabling pwdb_chkpwd to check passwords of other users is *no worse* than
> having an ftp service running as root with exactly the same capability.

For users who are able to invoke processes, the modified pwdb_chkpwd is orders of
magnitude more efficient than an ftp service.  Even non-local users are able to
invoke pwdb_chkpwd directly, e.g. if users are allowed to put up their own cgi-bin
scripts.  In addition, sane ftp server configurations deny access to the
powerful accounts.

I don't know the exact situation of the person who asked the original questions.
If he wants to provide the password protection only for web pages and his users
don't have any other access to the system, the suggestion of a separate
password file makes no sense.  However, in many situations the suggested measures
are the only way to help users protect their data.  Whether the administrator
wants to provide such help and whether users want it is the other question.

Regards
					Andrey V.
					Savochkin
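An added check, not part of this thread, for the separate httpd passwd/shadow pair Andrey recommends above: it flags entries for accounts below a uid threshold (root and other powerful accounts, point 1) and entries whose hash is copied verbatim from the system shadow (password not set separately, point 2). The file paths, the uid threshold of 1000 and all sample entries and hashes are constructed assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a httpd-only shadow file against
# the system passwd/shadow. Sample files are constructed in a temp dir.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-ins for /etc/passwd and /etc/shadow (hashes are made up).
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
EOF
cat > "$WORK/shadow" <<'EOF'
root:$1$rootsalt$hash0:10000:0:99999:7:::
alice:$1$alicesalt$hashA:10000:0:99999:7:::
bob:$1$bobsalt$hashB:10000:0:99999:7:::
EOF
# The httpd copy: toor was left in, and alice's system hash was copied verbatim.
cat > "$WORK/httpd-shadow" <<'EOF'
toor:$1$rootsalt$hash0:10000:0:99999:7:::
alice:$1$alicesalt$hashA:10000:0:99999:7:::
bob:$1$webbobsalt$hashW:10000:0:99999:7:::
EOF

# check_httpd_shadow PASSWD SHADOW HTTPD_SHADOW
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
# min_uid=1000 is an assumed cut-off for "powerful" system accounts.
check_httpd_shadow() {
  awk -F: -v min_uid=1000 '
    BEGIN { bad = 0 }
    FILENAME == ARGV[1] { uid[$1] = $3; next }       # system passwd: name -> uid
    FILENAME == ARGV[2] { syshash[$1] = $2; next }   # system shadow: name -> hash
    {                                                 # httpd-only shadow
      if (!($1 in uid)) { print "note: not in system passwd: " $1; next }
      if (uid[$1] + 0 < min_uid) { print "privileged account: " $1 " (uid " uid[$1] ")"; bad = 1 }
      if (($1 in syshash) && syshash[$1] == $2) { print "same hash as system shadow: " $1; bad = 1 }
    }
    END { exit bad }
  ' "$1" "$2" "$3"
}

check_httpd_shadow "$WORK/passwd" "$WORK/shadow" "$WORK/httpd-shadow" \
  || echo "httpd shadow file needs attention"
```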


