From: Wilfred J G Francis
To: users
Date: Fri, 24 Oct 2003 14:50:56 +0100
Subject: RE: [users@httpd] htaccess and unix passwd file - newbie to this list and apache

Thanks for this, will stick to what I have for the moment till I get to
grips with another suggestion, use mod_auth_pam.

Ta very much

Wilfred

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: 22 October 2003 13:43
To: users
Subject: RE: [users@httpd] htaccess and unix passwd file - newbie to this list and apache

>-----Original Message-----
>From: Wilfred J G Francis [mailto:ucgbwjf@ucl.ac.uk]
>
>Is one able to link htaccess password file to Solaris 8 passwd file? I
>have installed Apache 2 on a sunbox running Solaris 8

Umm.. in Solaris 8, /etc/passwd doesn't contain the encrypted passwords -
they're kept in /etc/shadow which is readable only by root. You'd need a
root cronjob to copy /etc/shadow to somewhere else where apache can read
it (or - heaven forbid - change the permissions on /etc/shadow). Once you
do this, it will certainly work as an AuthUserFile since unix and htpasswd
use the same hashing algorithm for password encryption.

However...

It is not very wise to use real live unix passwords in an apache
authenticated realm because someone who hacks into the realm will learn a
username/password pair for the system. The Basic Authentication scheme is
a bit vulnerable to dictionary hacks because:

- there is no limit on the number of tries (unix shell limits you to
  three)
- there is no sleep between failed tries (you can hack as fast as the
  server responds). Unix forces a few seconds of sleep after a failed
  attempt.
- when the real user logs in, there is no alert that there were N
  unsuccessful tries while you were away (as there is with unix).

Rgds,

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
>Any help will be greatly appreciated
>
>Wilfred
>
>*********************************
>Physiology Department
>Ext: 33265
>Tel: 020 7679 3265
>Email: Wilfred.Francis@ucl.ac.uk
>*********************************
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP
>Server Project.
>See for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
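The quoted reply above points out that Basic Authentication gives no alert about repeated failed tries. The following is an added example, not part of the original thread: a small detector that counts HTTP 401 responses per client in an Apache access log. It assumes Common Log Format with entries in time order; the threshold, window, addresses and username are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def failed_auth_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client: (peak_401_count, usernames_tried)} for clients whose
    401 responses reached `threshold` inside any `window`-long interval."""
    recent = defaultdict(deque)   # client -> timestamps of recent 401s
    users = defaultdict(set)      # client -> usernames seen on 401s
    peaks = {}
    for line in lines:
        m = CLF.match(line)
        if not m or m.group(4) != "401":
            continue              # not CLF, or not an auth failure
        client, user, stamp, _ = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if user != "-":               # "-" is the initial credential-less challenge
            users[client].add(user)
        if len(q) >= threshold:
            peaks[client] = max(peaks.get(client, 0), len(q))
    return {c: (n, sorted(users[c])) for c, n in peaks.items()}

# Constructed sample log: one normal login, then six rapid failures
# from another (documentation-range) address.
SAMPLE = [
    '192.0.2.10 - - [24/Oct/2003:14:00:00 +0100] "GET /private/ HTTP/1.1" 401 401',
    '192.0.2.10 - alice [24/Oct/2003:14:00:05 +0100] "GET /private/ HTTP/1.1" 200 1024',
] + [
    f'198.51.100.7 - alice [24/Oct/2003:14:01:{s:02d} +0100] "GET /private/ HTTP/1.1" 401 401'
    for s in range(0, 12, 2)
]

if __name__ == "__main__":
    for client, (count, tried) in failed_auth_bursts(SAMPLE).items():
        print(f"{client}: {count} failed logins within 60s, users tried: {tried}")
```

Run from cron against the live access log, a report like this supplies the "N unsuccessful tries" notice that the web server itself does not give.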