Joshua Slive wrote:
On 5/19/07, Don Russell <russell.don@xxxxxxxxx> wrote:I have a directory set upon my Apache server so that it can be accessed at home without a password, but if I'm "outside" then I get prompted for a userid and password. I use Digest authentication because I don't want to bother with an SSL certificate. This is for my own household use, no corporate secrets etc. :-) Apache 2.2.4-2 on Linux Fedora Core 6 Is there a way for Apache to use the same userid/password file that is used when I log on to the Linux system or do I *have* to create a new password file just for Apache users? If that's the case, is there a way to keep them in synch so that if I change my password for Linux access, that same password can be used for the web site/directory access?Start here: http://httpd.apache.org/docs/1.3/misc/FAQ.html#passwdauth then if you still want to do it, there are various 3rd party modules like mod_auth_pam and mod_auth_external that can do the job. I've never used any of them, so I don't know what works best.
Thanks Joshua. That raises some good points.... I watch my other logs and frequently see people trying to get access to various guessed userids. I often add their IP address range to my router block list as a result.... Based on that FAQ, people could do the same thing via the web access and I may not be aware of it. :-(
The inconvenience is only slight to maintain a separate password file for Apache digest use... :-)
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|