apache authentication via nis
John Abreau
john.abreau at zuken.com
Thu Aug 17 17:23:43 EDT 2006
Stephen Adler wrote:
> Thanks Andrew, from what I can tell mod_auth_pam is not an official
> apache module,
> but a 3rd party one. am I correct about that? There also seems to be an
> perl one out there
> as well. I'm wondering how secure these 3rd party modules are...
>
mod_auth_pam uses the same authentication as your shell account. That
means when you use it in an unencrypted HTTP session, you're sending
your password in clear text.
If you limit use of mod_auth_pam to SSL-encrypted sessions, you
eliminate this problem.
--
John Abreau
IT Manager
Zuken USA
238 Littleton Rd., Suite 100
Westford, MA 01886
T: 978-392-1777 F: 978-692-4725
M: 978-764-8934
E: John.Abreau at zuken.com W: www.zuken.com
More information about the Discuss
mailing list