Skip site navigation (1)Skip section navigation (2) 
Date:      Thu,  1 Nov 2001 14:45:01 -0800 (PST)
From:      mw@lanfear.com
To:        BSD Freak <bsd-freak@mbox.com.au>, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re:.htaccess authentication against /etc/passwd
Message-ID:  <20011101224501.8C57737B405@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

    Personally, I didn't like the idea of having the web server have
direct access to my /etc/master.passwd file (security, security,
security), so what I do is create my own little security file in a
directory and run a PHP script against.  

    The 'passwd' file has the same perms as apache (noboyd.nobody), so
even if somebody does manage to crack Apache, all they get access to
are encrypted passwords to a couple of accounts with low perms.   

    Only real drawback is that I have to keep the two files in Sync,
but that can actually be automated, or at least checked and mailed
nightly ...

    mark.



> -----------------------------
> From:  BSD Freak <bsd-freak@mbox.com.au>
> To:  FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
> Subject:  .htaccess authentication against /etc/passwd
> Sent:  11/02/2001 09:19> 
> 
> 
> Hi everyone,
> 
> I want to be able authenticate web applications users against the 
> system user database (/etc/passwd) rather than maintaining a seperate

> password database. Is this possible? I've searched all over the web
but 
> could not find any concrete answers or HOWTO's . Also useful would be

> to authenticate against LDAP or a MySQL database.... anyone know
where 
> I can get some good detailed info on how to do this?
> 
> Thanks in advance.......
> 
> ---------------------------------------------------------------------
> Your own fax service 24x7, no extra line or fax machine required
> http://www.mbox.com.au
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011101224501.8C57737B405>