Hi all,
I really like apache, subversion and encryption. Maintaining files through subversion + apache already works very well, but sensitive files have to be encrypted. Encrypting files before check-in is cumbersome and makes your respository a binary mess.

I thought apache could help decrypting files (like a svn repository) on authentication. Unfortunately I could not find a working solution anywhere and nothing about impersonation, thus I tried it myself. This is what I tried:

encfs (encrypted user land file system) + libpam_encfs (decrypts home directories on the fly) + libapache2-mod-auth-pam (autentication with pam)

1. automatic mounting of the encrypted directory (/var/www/encrypted) on login (from shell) works
2. autentification through pam on a website (through apache) works
3. both combined - does not work:
reading the supposedly mounted directory from apache does not work, the file does not appear in directory listings

I tried many user/group/permission combinations and now I am a bit stuck.
What I did not yet try is to recompile apache with -DBIG_SECURITY_HOLE to access everything from root, I guess this is discouraged :-)

I guess this might have to with privilege seperation: http://oss.metaparadigm.com/apache-privsep/
Would that patch help me? Is there anything like that for Apache2?
Does anyone know of any alternative?

Regards,
André

ps. My /etc/pam.d/apache2
@include common-auth
@include common-account
auth required pam_encfs.so
session required pam_encfs.so

Snipplet from enabled site:
AuthType Basic
AuthName "Secure"
Require user encrypted
AuthPAM_Enabled on


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to