 |
 |
 |
 |
|
|
Date: 11/08/00
- Next message: Steven Reed: "RE: [phplib] Stress testing software for PHP and Oracle"
- Previous message: Marko Kaening: "Re: [phplib] Re:crypt-challenge-response-UserAdministration!"
- In reply to: Mitchell Hagerty: "[phplib] authentication via /etc/passwd"
- Next in thread: Jonathan Gale: "Re: [phplib] authentication via /etc/passwd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Nov 07, 2000 at 01:59:30PM -0600, Mitchell Hagerty wrote:
> I've written my app to use phplib session handling but I would like to
> use the login/passwd in the /etc/passwd file for authentication.
> Any thoughts on how to do this? Had it been done?
For detailed info about why HTTP authentication via /etc/passwd is a HUGE
security risk and generally not recommended, see the Apache FAQ at
www.apache.org.
What you _could_ do, however is to use a PAM module to authenticate
against, which uses /etc/passwd. Nevertheless, remember that with every
single web page you request your password goes over the net in clear text.
A simple packet sniffer and anybody in the packets' route can get a login
on your server.
-- Helft Microsoft, den Raubkopierhandel auszurotten: Installiert Linux *Achtung: .pinguin.conetix.de läuft aus, bitte Addressbuch aktualisieren!* http://www.hitchhikers.de/ - Die kostenlose Mitfahrzentrale für ganz Europa
- application/pgp-signature attachment: stored
- Next message: Steven Reed: "RE: [phplib] Stress testing software for PHP and Oracle"
- Previous message: Marko Kaening: "Re: [phplib] Re:crypt-challenge-response-UserAdministration!"
- In reply to: Mitchell Hagerty: "[phplib] authentication via /etc/passwd"
- Next in thread: Jonathan Gale: "Re: [phplib] authentication via /etc/passwd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]