[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Apache PAM Auth module



Hi,

On Monday 31 March 2008 20:42:05 Kenneth Geisshirt wrote:
> The reason for my interest is that I (and a group of friends) have a
> subversion repositories with HTTP access. It seems like a good idea to
> use PAM as part of the .htaccess file.

have you considered using mod_auth(nz)_external or mod_auth(n)_sasl for this 
task? The main concern I had using mod_auth_pam in httpd was that it does not 
work with shadow passwords unless you grant httpd access to /etc/shadow. I 
think that's a bad idea.

With the modules mentioned above you can use PAM as well, but the actual 
authentication is done after an indirection and takes place outside of the 
httpd process. Of course you need some other elevated entity to 
access /etc/shadow then. In case of mod_auth(nz)_external that is a suid-root 
binary (pwauth). In case of mod_auth(n)_sasl it is saslauthd, which you might 
already be using if you host secure SMTP, IMAP or LDAP on the box.

Regards
Heiko


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]