
Re: [cobalt-developers] password and user files



Steve Churcher wrote:

> I'm trying to write a support section for our company which I want to only be
> available to users of the server, so I have two questions:
> 
> 1) Can I include an .htaccess file which uses the main password list for the
> server for authorisation, if so does this maybe cause a security problem???

Maybe I'm wrong, but I have a sneaky feeling the RaQs do this by
default, if you don't include the "AuthPAM_Enabled off" line.

> 2) When they have logged in, is there a way to find out what domain name the
> username is linked to?

I was about to say "Sure, easy, just grep and parse the /etc/passwd
file" until I realized that Apache has no idea who has logged in, only
that someone has.  After all, Apache is stateless; it's actually your
browser that's handling the login.

So you'd need a way for the user to handle his own login, then write a
cookie to his machine with his site name.  Then read that cookie on
every request where the site is important.

BTW, this is very generic Apache stuff, and there are sites much better
suited for this kind of question.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205
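
The cookie approach described in the reply above, sketched as an added example (not part of the original message): because a cookie is stored on the user's machine and can be edited there, this version attaches an HMAC so the server can detect a changed site name. The key, field layout, lifetime and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that is never sent to the browser.
# The value below is constructed for this example only.
SECRET_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 3600  # seconds a cookie stays valid (assumed policy)


def _mac(payload):
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username, site, now=None):
    """Build the cookie value once the user's own login has succeeded."""
    if "|" in username or "|" in site:
        raise ValueError("field separator not allowed in username or site")
    issued = int(time.time()) if now is None else now
    payload = "%s|%s|%d" % (username, site, issued + MAX_AGE)
    return payload + "|" + _mac(payload)


def read_cookie(value, now=None):
    """Return (username, site) if the cookie is authentic and unexpired, else None."""
    parts = value.split("|")
    if len(parts) != 4:
        return None
    username, site, expires, mac = parts
    payload = "|".join((username, site, expires))
    # Constant-time comparison; a mismatch means the cookie was edited or forged.
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None
    current = int(time.time()) if now is None else now
    if int(expires) < current:
        return None  # authentic but too old
    return username, site


if __name__ == "__main__":
    cookie = issue_cookie("steve", "www.example.com")  # constructed sample user/site
    print(cookie)
    print(read_cookie(cookie))
    print(read_cookie(cookie.replace("www.example.com", "www.other.example")))
```

The site name is trusted only after `read_cookie` returns a value; a cookie that fails the check is treated the same as no cookie at all.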