httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurent Blume <>
Subject [users@httpd] Security of using /etc/passwd
Date Thu, 13 Nov 2003 12:44:41 GMT
Hello all,

I remember reading, some years ago, that it was possible to use /etc/passwd to
authenticate in Apache (as a .htpasswd), but that it was strongly discouraged
because of the security issues that might arise.

However, I can't find that information anymore in Apache documentation,
particularly the security tips...

Is it now impossible to do it at all, or not considered bad anymore, or did I
simply miss the information?

My goal is to convince somebody that replicating the Unix users in Apache's
config is not the Right Way To Do It.
If I'm wrong on that, you're welcome to tell me why, maybe I'm outdated on this :-)



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message