On Sun, Jun 30, 2002, Orna Agmon wrote about "Re: Apache vs. Samba authentication":
>...
> main disadvantages: the passwd file is not protected in /etc/shadow, and
> is created once a (day?). On the other hand, the script which extracts the
> passwd file from the database also runs under regular user privileges, so
> it actually begins with yp configuration problem.
>...

One thing you should watch out for in such a setup and using Apache's basic
authentication is that the user+password pair is passed unencrypted over
the network. So typically, the users' real passwords should not be used,
especially not over the Internet.

There are two ways you can get around this security problem: use SSL
(install Apache with Modssl) or use different passwords for the unsecure
connections than you use for shell logins.

-- 
Nadav Har'El                        |      Sunday, Jun 30 2002, 21 Tammuz 5762
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |A diplomat thinks twice before saying
http://nadav.harel.org.il           |nothing.
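
An added example, not part of the original message, showing why Basic authentication needs SSL underneath it: the Authorization header is only base64-encoded, so anyone who can read the request can recover the user+password pair without any key. The user name, password and host below are constructed sample values.

```python
# Added illustration: what HTTP Basic authentication puts on the wire.
import base64
import binascii

def basic_auth_header(user, password):
    """Build the Authorization header value a client sends (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic_auth(header_value):
    """Recover (user, password) from a header value, or None if not Basic.

    No key or secret is involved: base64 is an encoding, not encryption.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def credentials_in_request(raw_request):
    """Find Basic credentials in the text of one HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            return decode_basic_auth(value)
    return None

# Constructed sample request, as it would appear on a plain-HTTP connection.
SAMPLE_REQUEST = (
    "GET /private/ HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Authorization: " + basic_auth_header("alice", "s3cret:pw") + "\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(credentials_in_request(SAMPLE_REQUEST))
```

The same header is resent with every request to the protected area, which is why the message recommends either SSL or passwords that are not shared with shell logins.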
