Re: Apache & mod_auth_pam

[Waldemar Brodkorb <waldemar@thinknow.de>]

>From the keyboard of Hans,

> On Wednesday 26 September 2001 23:30, Waldemar Brodkorb wrote:
> > Hello *,
> >
> > I have a small problem with the userauthentification (.htacess)
> > with auth PAM modul for Apache.
> > Probably it is more a problem with useradd.
> >
> > At the moment I'm using mod_auth_pam for userauthentication on
> > special webfolders. /etc/shadow have to be accessed by apache
> > userid. (chgrp www-data /etc/shadow)
> >
> > Now the problem:
> > Everytime I add a new user with useradd the group of /etc/shadow is
> > changed back to group shadow and userauthentication fails.
> >
> > How I can manage this situation?
> 
> Add the user www-data to the group shadow. What you also can do is not 
> using mod_auth_pam but the old fashion way. Generate a htpasswd for the 
> .htaccess-files. With some simple scripting and cron you can do this. 
> And second some password-results aren't exposed like the root-pw and 
> the accounts to maintain the machine.

How the root-pw or hash of it could be exposed?
Only If the Apache is exploited or I'm wrong?

thanks. Life could be so easy with a little bit more use of the
brain ;)

bye
    Waldemar