Mass Flexible Authentication -- Help!

Mass Flexible Authentication -- Help!

Post by Franklin L. Peterse » Thu, 02 Apr 1998 04:00:00



I have an Apache server running on HP-UX 10.20 and we are looking at the
ability to password protect some directories.

I am familiar with .htaccess, however, we are in need of permitting nearly
200 users and would like to regurally rotate passwords, 60 days, to keep it
safe.

Are there any good utils for Apache (1.2.3) that we can look into for this?

Thanks,

Frank

 
 
 

Mass Flexible Authentication -- Help!

Post by Cliff Hi » Sat, 04 Apr 1998 04:00:00


One method which works is to do the information transfer dynamically from a
database. Have password protection through a script or other cgi program which
extracts and builds the page-views after authentication. Then you can use any
password management approach you wish.


>I have an Apache server running on HP-UX 10.20 and we are looking at the
>ability to password protect some directories.

>I am familiar with .htaccess, however, we are in need of permitting nearly
>200 users and would like to regurally rotate passwords, 60 days, to keep it
>safe.

>Are there any good utils for Apache (1.2.3) that we can look into for this?

>Thanks,

>Frank


 
 
 

1. ADVICE: Most flexible distributed authentication model?

This is using Linux 2.0.30 on Redhat 4.1 and 4.2 Intel (Pentium and
Pentium Pro) machines.

I have several Linux boxes which all in some way use the same
collection of users and passwords for user validation and
authentication. We currently use ssh to distribute /etc/passwd and
/etc/shadow around to the various machines and then use PAM to limit
access as necessary (so, for example, people can authenticate against
radius running on a machine, but not actually log in).

We have over 3500 accounts and we are beginning to experience slowness
problems with the linear search of passwd and shadow. We would like to
move to some sort of system that uses a hashed database for user and
password information. In the process it seems wise to go ahead an
upgrade our entire authentication model so that we can most flexibly
managed machines and users.

We'd like to stick with base that RedHat provides with PAM and pwdb.
That layered model has all sorts of advantages.

I've been looking into NIS/NYS, Kerberos (4 and 5), and getting pwdb to
deal with gdbm files (that are then distributed from machine to machine)
as possible options.

I think that NIS may be the way to go, but I've been brought up with a
bit of stigma against it because of the security problems it has had in
the past.

I would be very interesting in hearing from people who are in the
middle of the same process or have already been through it. Or if you
are aware of some resource that might be helpful that would be very
helpful.

Thanks.

--
..........................
Chris Dent........SysAdmin
...........Kiva Networking

2. what glibc do I need for kde 2.1

3. Solaris x86 Flexible Boot Solution with NT (needs a little help)

4. Sendmail.cf configuration

5. mass storage help

6. Virus Help!

7. New to cable net - Have Mediaone in Mass - please help

8. Windows 3.11/95 emulator fro Linux ???

9. USB mass storage device help

10. HELP:Create mass account.

11. Help on Mass Renaming of Files

12. NIC-Related Mass Lockups -- Help!

13. Help bring Uber (cross-platform game networking API) to the masses!