FreeLists / dokuwiki / [dokuwiki] Re: using Pluggable Authentication Modules to authenticate users ?

[dokuwiki] || [Date Prev] [08-2006 Date Index] [Date Next] || [Thread Prev] [08-2006 Thread Index] [Thread Next]

[dokuwiki] Re: using Pluggable Authentication Modules to authenticate users ?

From: Dave Kliczbor <maligree@xxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Sun, 06 Aug 2006 05:19:46 +0200

hello there...

Michael Edwards schrieb:
> Is it secure/a Good Idea to use the local machine accounts in a web
> environment?

From the README of libapache2-mod-auth-pam package for Debian:

  SECURITY

  To use with standard Debian configuration you have to add "www-data"
  user to "shadow" group. Be careful! It means it can be readable by
  anyone who can run its own CGI script!

  The passwords are sent by net as clear text. You should use SSL to
  protect them.

You'll have to be more paranoid. Therefore, you might consider PAM-Auth
a Bad Idea.

cu
 Dave KLiczbor


-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

References:
- [dokuwiki] using Pluggable Authentication Modules to authenticate users ?
  - From: Sebastien Sacard
- [dokuwiki] Re: using Pluggable Authentication Modules to authenticate users ?
  - From: Dave Kliczbor
- [dokuwiki] Re: using Pluggable Authentication Modules to authenticate users ?
  - From: Michael Edwards