You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Don Russell <ru...@gmail.com> on 2007/05/19 22:16:00 UTC
[users@httpd] Digest auth and password files
I have a directory set upon my Apache server so that it can be accessed
at home without a password, but if I'm "outside" then I get prompted for
a userid and password. I use Digest authentication because I don't want
to bother with an SSL certificate. This is for my own household use, no
corporate secrets etc. :-)
Apache 2.2.4-2 on Linux Fedora Core 6
Is there a way for Apache to use the same userid/password file that is
used when I log on to the Linux system or do I *have* to create a new
password file just for Apache users?
If that's the case, is there a way to keep them in synch so that if I
change my password for Linux access, that same password can be used for
the web site/directory access?
Thank you
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Digest auth and password files
Posted by Don Russell <ru...@gmail.com>.
Joshua Slive wrote:
> On 5/19/07, Don Russell <ru...@gmail.com> wrote:
>> I have a directory set upon my Apache server so that it can be accessed
>> at home without a password, but if I'm "outside" then I get prompted for
>> a userid and password. I use Digest authentication because I don't want
>> to bother with an SSL certificate. This is for my own household use, no
>> corporate secrets etc. :-)
>>
>> Apache 2.2.4-2 on Linux Fedora Core 6
>>
>> Is there a way for Apache to use the same userid/password file that is
>> used when I log on to the Linux system or do I *have* to create a new
>> password file just for Apache users?
>>
>> If that's the case, is there a way to keep them in synch so that if I
>> change my password for Linux access, that same password can be used for
>> the web site/directory access?
>
> Start here:
> http://httpd.apache.org/docs/1.3/misc/FAQ.html#passwdauth
> then if you still want to do it, there are various 3rd party modules
> like mod_auth_pam and mod_auth_external that can do the job. I've
> never used any of them, so I don't know what works best.
Thanks Joshua. That raises some good points.... I watch my other logs
and frequently see people trying to get access to various guessed
userids. I often add their IP address range to my router block list as a
result.... Based on that FAQ, people could do the same thing via the web
access and I may not be aware of it. :-(
The inconvenience is only slight to maintain a separate password file
for Apache digest use... :-)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Digest auth and password files
Posted by Joshua Slive <jo...@slive.ca>.
On 5/19/07, Don Russell <ru...@gmail.com> wrote:
> I have a directory set upon my Apache server so that it can be accessed
> at home without a password, but if I'm "outside" then I get prompted for
> a userid and password. I use Digest authentication because I don't want
> to bother with an SSL certificate. This is for my own household use, no
> corporate secrets etc. :-)
>
> Apache 2.2.4-2 on Linux Fedora Core 6
>
> Is there a way for Apache to use the same userid/password file that is
> used when I log on to the Linux system or do I *have* to create a new
> password file just for Apache users?
>
> If that's the case, is there a way to keep them in synch so that if I
> change my password for Linux access, that same password can be used for
> the web site/directory access?
Start here:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#passwdauth
then if you still want to do it, there are various 3rd party modules
like mod_auth_pam and mod_auth_external that can do the job. I've
never used any of them, so I don't know what works best.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org