apache authentication via nis

John Abreau john.abreau at zuken.com
Thu Aug 17 17:23:43 EDT 2006

Stephen Adler wrote:
> Thanks Andrew, from what I can tell mod_auth_pam is not an official 
> apache module,
> but a 3rd party one. am I correct about that? There also seems to be an 
> perl one out there
> as well. I'm wondering how secure these 3rd party modules are...

mod_auth_pam uses the same authentication as your shell account. That 
means when you use it in an unencrypted HTTP session, you're sending
your password in clear text.

If you limit use of mod_auth_pam to SSL-encrypted sessions, you
eliminate this problem.

John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777            F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com  W: www.zuken.com

More information about the Discuss mailing list