Re: Apache & mod_auth_pam
>From the keyboard of Hans,
> On Wednesday 26 September 2001 23:30, Waldemar Brodkorb wrote:
> > Hello *,
> > I have a small problem with the userauthentification (.htacess)
> > with auth PAM modul for Apache.
> > Probably it is more a problem with useradd.
> > At the moment I'm using mod_auth_pam for userauthentication on
> > special webfolders. /etc/shadow have to be accessed by apache
> > userid. (chgrp www-data /etc/shadow)
> > Now the problem:
> > Everytime I add a new user with useradd the group of /etc/shadow is
> > changed back to group shadow and userauthentication fails.
> > How I can manage this situation?
> Add the user www-data to the group shadow. What you also can do is not
> using mod_auth_pam but the old fashion way. Generate a htpasswd for the
> .htaccess-files. With some simple scripting and cron you can do this.
> And second some password-results aren't exposed like the root-pw and
> the accounts to maintain the machine.
How the root-pw or hash of it could be exposed?
Only If the Apache is exploited or I'm wrong?
thanks. Life could be so easy with a little bit more use of the