Re: [users@httpd] suEXEC question

On 10/26/05, Gordon Thagard <gordon@xxxxxxxxxxx> wrote:
> I see your point regarding sudo. This opens up a can of security-related
> worms. Could anyone suggest a safe, reliable way to authenticate users
> via Apache and then execute code as the user to do things like:
>
> * change passwords
> * turn off/on vacation

It is not sudo itself that is dangerous, it is the whole concept.
See
http://httpd.apache.org/docs/1.3/misc/FAQ.html#passwdauth
for discussion of some of the issues.

If I really had to do this, I would probably use an ordinary CGI
script on the Apache side, which would communicate with another
program that would use sudo to make the actual changes.  The key would
be making the communication channel between the CGI script and this
other program as simple and secure as possible, and assuring that
input is checked carefully at each stage of processing.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
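
An added example, not part of the original message or of any Apache code: a sketch of the input check on the privileged side of the split described in the reply above, where the helper re-validates every request instead of trusting the CGI script. The one-line protocol, the helper path and the protected-account list are assumptions made for illustration.

```python
import re

# Assumed protocol: the CGI script sends exactly one line per request,
#   b"<action> <username> <argument>\n"
# and the privileged helper validates it again before doing anything.
MAX_LINE = 64

# Conservative account-name pattern; a leading "-" is not allowed, so a
# "username" can never be read as a command-line option.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

# Hypothetical helper program and the only arguments it accepts.
ACTIONS = {
    "vacation": ("/usr/local/libexec/set-vacation", {"on", "off"}),
}

# Accounts the web front end must never be able to touch (constructed list).
PROTECTED_USERS = {"root", "daemon", "www-data"}


def parse_request(line: bytes) -> list:
    """Return the argv to execute for a valid request, else raise ValueError."""
    if len(line) > MAX_LINE or not line.endswith(b"\n"):
        raise ValueError("bad framing")
    try:
        text = line[:-1].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII input")
    fields = text.split(" ")
    if len(fields) != 3:
        raise ValueError("wrong number of fields")
    action, user, arg = fields
    if action not in ACTIONS:
        raise ValueError("unknown action")
    program, allowed_args = ACTIONS[action]
    if not USERNAME_RE.fullmatch(user) or user in PROTECTED_USERS:
        raise ValueError("username not acceptable")
    if arg not in allowed_args:
        raise ValueError("argument not acceptable")
    # A fixed program path plus validated fields, as an argv list: the
    # caller runs it without a shell, so nothing is re-parsed later.
    return [program, user, arg]


if __name__ == "__main__":
    print(parse_request(b"vacation alice on\n"))
```

The returned list is meant to be passed to an exec-style call with no shell involved, and the sudo rule for the helper would name only that one program.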


