Re: apache sys_auth_module on slink
Hello Fraser
Thanks to you and others who responded to my call. This lay in my
in tray a while as I have not had much time to look at it.
On 14 Jan 00, at 16:06, Fraser Campbell wrote:
> > > I have installed it from the package libapache_mod_auth_sys
> > > version 1.10-4.1 deb file.
>
> Well, I'm using the latest version of this module just fine on Slink (ver.
> is 1.10-4.2) with shadow support. The problem I suspect is that your
> apache is running as www-data.www-data and cannot access /etc/shadow.
> The the way got it to work is by running Apache as
> www-data.shadow. I don't think it is too bad a risk since I've
> made sure symlinks to /etc/shadow will not be followed by Apache.
> I'm sure that a smart user could grab shadow but it's not a concern
> in my application.
I am sure that this is part of the problem.
I have now tried adding the user www-data to group shadow, and
as an alternative of getting the same result, I tried a line "Group
shadow" in my httpd.conf file.
Both give the same results. The page prompts for authentication
and then Netscape freezes with lots of "connecting to server"
messages flashing on the bottom line. I have to stop apache or kill
netscape to get out of this loop.
However I am using version 1.10-4.1 which is the latest I can find on
ftp.debian.org in the "stable" tree. (It is not in potato at all, it must
have moved into a different package.)
Maybe 1.10-4.2 will fix this other problem. Where can I get it?
How do people feel about running apache with group shadow
access?
Thanks
Ian
---------------------------------------------------------------------
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 +21 683-1388 Fax: +27 +21 64-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
---------------------------------------------------------------------
Reply to: