httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greene Paul" <>
Subject Re: Apache security
Date Fri, 15 Feb 2002 22:47:59 GMT
Thanks for the link, it looks very good.

However, I'm familiarizing myself with Apache in my own experimental
lab, but 3rd party systems I might possibly be looking at won't be under
my control, and I would be looking at them after they've already been
set up (in other words, I won't have any input into how they configure
the system).

So, what kind of password controls are possible with the *standard*
Apache installation?


Paul Greene wrote:
> Hi,
> I would highly suggest that you make your apache authenticate against a
> LDAP directory. LDAP will help achieve all your objectives. You ca probably
> find a web based LDAP utility as well.
> Here is a tutorial on how to configure your apache to authenticate against
> In Peace.
> Saqib Ali
> =======================
> Organic Document: Living and evolving document
> For more information on Organic Documents visit
>                     "Greene Paul"
>                     <greene_paul@        To:
>           >             cc:
>                                          Subject:     Apache security
>                     02/15/2002
>                     02:08 PM
>                     Please
>                     respond to
>                     users
> I'm new to Apache and just starting to dive into it, on both Linux and
> OpenBSD platforms.
> A few quick questions about Apache security;
> Is there a way to configure the following requirements regarding
> passwords?
> -minimum password lengths (i.e. at least 8 characters)
> -enforce password complexity requirements (mix of alpha-numeric
> characters, plus special characters)
> -expiration dates (i.e. "expire after 90 days")
> -can users change their own passwords using htpasswd, through a web
> interface (i.e. they don't have command shell access to the htpasswd
> binary)
> The files access_log, error_log, .htpasswd, and httpd.conf, all come
> with default permissions of 644; can they be changed to 600 or 640
> without breaking anything?
> Thanks
> Paul Greene

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message