httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greene Paul" <greene_p...@bah.com>
Subject Re: Apache security
Date Fri, 15 Feb 2002 22:47:59 GMT
Thanks for the link, it looks very good.

However, I'm familiarizing myself with Apache in my own experimental
lab, but 3rd party systems I might possibly be looking at won't be under
my control, and I would be looking at them after they've already been
set up (in other words, I won't have any input into how they configure
the system).

So, what kind of password controls are possible with the *standard*
Apache installation?

Thanks

Paul Greene

Saqib.N.Ali@seagate.com wrote:
> 
> Hi,
> I would highly suggest that you make your apache authenticate against a
> LDAP directory. LDAP will help achieve all your objectives. You ca probably
> find a web based LDAP utility as well.
> Here is a tutorial on how to configure your apache to authenticate against
> LDAP.
> http://www.linuxdoc.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/index.html
> 
> In Peace.
> Saqib Ali
> =======================
> Organic Document: Living and evolving document
> For more information on Organic Documents visit http://www.stonebeat.org
> 
> 
>                     "Greene Paul"
>                     <greene_paul@        To:     users@httpd.apache.org
>                     bah.com>             cc:
>                                          Subject:     Apache security
>                     02/15/2002
>                     02:08 PM
>                     Please
>                     respond to
>                     users
> 
> 
> 
> I'm new to Apache and just starting to dive into it, on both Linux and
> OpenBSD platforms.
> 
> A few quick questions about Apache security;
> 
> Is there a way to configure the following requirements regarding
> passwords?
> 
> -minimum password lengths (i.e. at least 8 characters)
> -enforce password complexity requirements (mix of alpha-numeric
> characters, plus special characters)
> -expiration dates (i.e. "expire after 90 days")
> -can users change their own passwords using htpasswd, through a web
> interface (i.e. they don't have command shell access to the htpasswd
> binary)
> 
> The files access_log, error_log, .htpasswd, and httpd.conf, all come
> with default permissions of 644; can they be changed to 600 or 640
> without breaking anything?
> 
> Thanks
> 
> Paul Greene

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message