On Fri, Jan 12, 2007 at 10:08:24PM -0500, Michael Olson wrote:
> "Adam Chlipala" <[EMAIL PROTECTED]> writes:
> 
> > We may even want to only enable userdirs on mire, to keep all member
> > web serving in one place.  Any thoughts on this?
> 
> Hmm.  It would depend on whether we still want to allow users to have
> static web content served by deleuze's apache instance.  They should
> be permitted only one choice of machine (mire or deleuze) per domain
> name, but they might legitimately opt to use deleuze to serve their
> hcoop.net/~user/ area.
> 
> >> * apache2/passwds: Copied over from fyodor.
> >
> > I'd still love to replace these separate passwords with an Apache
> > module that would use system passwords.  Has the situation changed
> > since we last looked into this, such that someone can recommend a
> > good, secure way of doing that?
> 
> This <http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html> looks
> promising, since we are going to be using LDAP for user authentication
> (or so /etc/nsswitch.conf on deleuze indicates).  Should I try it out?

We use Kerberos for auth; the password field in LDAP is empty.
So you should find a way which uses PAM to make this work.

Alternatively, we could install saslauthd and configure LDAP
to use the SASL passwd mechanism, and then configure SASL to look
up into the Kerberos DB, but this has been problematic to set up.

> 
> -- 
> Michael Olson -- FSF Associate Member #652 -- http://www.mwolson.org/
> Interests: Lisp, text markup, protocols -- Jabber: mwolson_at_hcoop.net
>   /` |\ | | | Projects: Emacs, Muse, ERC, EMMS, Planner, ErBot, DVC
>  |_] | \| |_| Reclaim your digital rights by eliminating DRM.
>       See http://www.defectivebydesign.org/what_is_drm for details.



> _______________________________________________
> HCoop-SysAdmin mailing list
> [email protected]
> http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin

