Apache PAM Auth module
Kenneth Geisshirt
kenneth at geisshirt.dk
Wed Apr 2 07:30:42 UTC 2008
Quoting Heiko Hund <heiko at ist.eigentlich.net>:
> Hi,
>
> On Monday 31 March 2008 20:42:05 Kenneth Geisshirt wrote:
>> The reason for my interest is that I (and a group of friends) have a
>> subversion repositories with HTTP access. It seems like a good idea to
>> use PAM as part of the .htaccess file.
>
> have you considered using mod_auth(nz)_external or mod_auth(n)_sasl for this
> task? The main concern I had using mod_auth_pam in httpd was that it does not
> work with shadow passwords unless you grant httpd access to /etc/shadow. I
> think that's a bad idea.
You have a point in respect to the shadow issue. Typically, I only add
the apache user
to the shadow group and the httpd process does not run under this
group. Moreover, for
an internal web server/subversion repository this might not be so big
a problem.
But I'll take a look at mod_auth(nz)_* modules - it seems to be worth it.
Thanks,
kneth
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Pam-list
mailing list