httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject Re: Patch to allow use of password file as auth DB (from USENET)
Date Wed, 10 May 1995 16:41:00 GMT
>What his patch does is permit people to say "AuthUserFile +" and then
>it will allow the use of NIS to find username-password information
>instead of special password files for httpd.

I'm against this patch, for two reasons.
Firstly, as Roy has said, it would encourage sloppy security.
Secondly, this patch is very unportable. It is NIS specific, but is tied
to using the passwd.byname table. Letting NIS (or especially NIS+) near apache
can have severe performance effects.


View raw message