Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Message-ID: <3B9CA07D.BE8676E1@Golux.Com>
Date: Mon, 10 Sep 2001 07:14:05 -0400
From: Rodent of Unusual Size <Ken.Coar@Golux.Com>
Organization: The Apache Software Foundation
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: [PATCH] Enhancement to mod_auth
References: <20010810183941.A9153@Lithium.MeepZor.Com>
 <20010907082556.A16815@Lithium.MeepZor.Com>
 <006301c13827$f58f6520$24162e9c@roweclan.net>
 <20010908084947.D21743@Lithium.MeepZor.Com>
 <000601c138f1$2097fd30$93c0b0d0@roweclan.net>
 <20010909090042.B29986@Lithium.MeepZor.Com>
 <00b501c13950$e61b99e0$93c0b0d0@roweclan.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

"William A. Rowe, Jr." wrote:
> 
> It is as secure as any other _Apache_ authn/authz
> configuration, I suppose.  It needs to be clear that
> it is _not_ as secure as os kernel authn/authz.
> 
> This is pretty obvious to us, but might not be so
> obvious to some admins.  Because we are tying the
> 'user' or 'group' to an os placeholder, they need
> to know it's only as strong as the _Apache_
> configuration allows, and that this isn't a kernel
> authn/authz.  Unlike suexec, which compares os kernel
> identifies between the symlink and it's target, we
> are comparing an Apache admin's identifer to an os
> kernel identifier.  Does that make sense?

Now it does, yes.  I will see that the documentation
make it clear.  Thanks for clarifying!  We were in
agreement all along, but just did not know on what. :-)
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"All right everyone!  Step away from the glowing hamburger!"