--- Tom Jones <tjones@fastq.com> wrote:
> On Sun, 4 Apr 2004, Steve Holmes wrote:
> 
> > I have Apache 1.3.28 running here and am playing around with a
> > .htaccess file to control access to certain directories on my box. 
> I
> > would like to restrict access to some users that are already on my
> > system.  Apache normally uses a separate password file to secure
> the
> > users in question.  This means a separate password is required to
> gain
> > access to the desired directory.  Is there any way to get Apache to
> > use the standard linux passwords instead of having to create and
> use
> > separate passwords?  I've seen CUPS do exactly this.  I don't
> recall
> > exactly how they go about it but then again, CUPS has its own HTTP
> > processor too.
> > 
> > Any ideas?  Thanks.
> >
> 
> Have you considered mod_auth_pam?  I believe it will do what you're
> after.

But please consider the security implications if you do. Basic
authentication sends the username and password over the wire in
plaintext. If you're not using SSL, then you're sending account
passwords free and clear. Gives me the willies.

You might use Digest instead of Basic, or use SSL.

-A

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss