Date: Fri, 12 Jul 2002 23:17:47 +0000 (GMT) From: "Nielsen" <nielsen@memberwebs.com> To: <freebsd-security@FreeBSD.ORG>, "Steve" <sprasadi@addr.com> Subject: Re: plain text passwords Message-ID: <20020712231747.6EFBB43B396@mail.npubs.com> References: <5.1.0.14.0.20020712114822.00ba8a20@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
You should use an authentication module that uses hashed passwords. And secondly you usually shouldn't authenticate against the system passwords. But if you have to, try to find a solution that doesn't give the the apache user (www, or nobody or whatever) read access to your shaddow passwords. One thing I used which worked well was the cyrus-sasl pwcheck daemon. Apache has a module which authenticates against it. The pwcheck daemon runs as root, relieving apache of the above need. Cheers, Nate ----- Original Message ----- From: "Steve" <sprasadi@addr.com> To: <freebsd-security@FreeBSD.ORG> Sent: Friday, July 12, 2002 0:21 Subject: plain text passwords > Hi all, > > I need to have plain text passwords in /etc/passwd. How can I get it? I > need this for password protecting a web directory using /etc/passwd > > Thanks, > > Steve > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020712231747.6EFBB43B396>