From owner-freebsd-questions Thu Nov 1 14:45:19 2001 Delivered-To: freebsd-questions@freebsd.org Received: from akira.lanfear.com (akira.lanfear.com [216.168.61.84]) by hub.freebsd.org (Postfix) with SMTP id 8C57737B405 for ; Thu, 1 Nov 2001 14:45:01 -0800 (PST) Received: (qmail 12981 invoked from network); 1 Nov 2001 22:43:53 -0000 Received: from c1854262-a.sttln1.wa.home.com (HELO sakura) (24.255.90.101) by akira.lanfear.com with SMTP; 1 Nov 2001 22:43:53 -0000 From: mw@lanfear.com To: BSD Freak , FreeBSD Questions Subject: Re:.htaccess authentication against /etc/passwd MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Mailer: Kiltdown 0.7 Message-Id: <20011101224501.8C57737B405@hub.freebsd.org> Date: Thu, 1 Nov 2001 14:45:01 -0800 (PST) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Personally, I didn't like the idea of having the web server have direct access to my /etc/master.passwd file (security, security, security), so what I do is create my own little security file in a directory and run a PHP script against. The 'passwd' file has the same perms as apache (noboyd.nobody), so even if somebody does manage to crack Apache, all they get access to are encrypted passwords to a couple of accounts with low perms. Only real drawback is that I have to keep the two files in Sync, but that can actually be automated, or at least checked and mailed nightly ... mark. > ----------------------------- > From: BSD Freak > To: FreeBSD Questions > Subject: .htaccess authentication against /etc/passwd > Sent: 11/02/2001 09:19> > > > Hi everyone, > > I want to be able authenticate web applications users against the > system user database (/etc/passwd) rather than maintaining a seperate > password database. Is this possible? I've searched all over the web but > could not find any concrete answers or HOWTO's . Also useful would be > to authenticate against LDAP or a MySQL database.... anyone know where > I can get some good detailed info on how to do this? > > Thanks in advance....... > > --------------------------------------------------------------------- > Your own fax service 24x7, no extra line or fax machine required > http://www.mbox.com.au > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message