Run the sites in different apache processes so that only those that need access to the shadow file are in the process that has it. All the others are in another one.
You do need 2 IPs for this
Ah, ok, not necessary right now as I don't have untrusted local users.
Meanwhile, it might be good to have something in the README or INSTALL indicating that systems using shadow passwords need to allow the web server to read the shadow file.
I've modified Petr Kristof's SPEC file for an RPM, in case anyone's interested in building an RPM for this. The SPEC file and the SRPM can be found here:
<http://www.sewingwitch.com/ken/SRPMS/>
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
