Re: Apache & mod_auth_pam

To: debian-isp@lists.debian.org
Subject: Re: Apache & mod_auth_pam
From: Waldemar Brodkorb <waldemar@thinknow.de>
Date: Fri, 28 Sep 2001 13:29:50 +0200
Message-id: <[🔎] 20010928132949.C602@thinknow.de>
Mail-followup-to: debian-isp@lists.debian.org
Reply-to: Waldemar Brodkorb <waldemar@thinknow.de>
In-reply-to: <[🔎] Pine.BSO.4.21.0109271349130.7431-100000@sloth.wcug.wwu.edu>
References: <[🔎] 20010927203732.F5527@thinknow.de> <[🔎] Pine.BSO.4.21.0109271349130.7431-100000@sloth.wcug.wwu.edu>

>From the keyboard of Jeremy,

> > > > At the moment I'm using mod_auth_pam for userauthentication on
> > > > special webfolders. /etc/shadow have to be accessed by apache
> 
> > > And second some password-results aren't exposed like the root-pw and 
> > > the accounts to maintain the machine.
> > 
> > How the root-pw or hash of it could be exposed?
> 
> If you are using standard http user authentication is is not encrypted or
> secure. The usernames and passwords are passwd via plain text.

O.k. that is clear. But nobody login as root to see some webalizer
statistics. Only userpasswords could be seen, but if you have
ftp-accounts you also could sniff the passwords.

bye
    Waldemar

Reply to:

References:
- Re: Apache & mod_auth_pam
  - From: Waldemar Brodkorb <waldemar@thinknow.de>
- Re: Apache & mod_auth_pam
  - From: "Jeremy C. Reed" <reed@wcug.wwu.edu>

Prev by Date: Re: server mirroring spam
Next by Date: vmailmgr issue
Previous by thread: Re: Apache & mod_auth_pam
Next by thread: kernel: eth0: Memory squeeze, deferring packet.
Index(es):
- Date
- Thread