Ravindra Jaju wrote:
> I presumed that two Apache servers were needed in fact.
>
> That might be the case when you need to run one apache server
> as some other more privileged user who has access to database.
> If the owner of the server-process has access to the database too,
> then there is no need for passwords.
I don't even understand what you are trying to say here. Apache runs as nobody:nobody by default, and that is enough for me. If it has to access a postgres database, all I will do is to edit /etc/group to put nobody in the postgres group, and make all relevant files group-writable. I will still ask for passwords, though.
I will still have to add the user nobody to postgres. :-)
> OTOH, if there is only one process, either all users get access to the
> database, or the person needing database access will have to store
> the password in clear text in some file in which case the database
> becomes vulnerable and all (malicious) users can still have access.
Even with apache, there is absolutely no need for cleartext passwords. Do you know how apache authenticates a password? It has a few (configurable) instances of a program (usually one called ncsa_auth, comes with apache distribution) running, which takes a string of the form username:passwd and prints either OK or ERR on stdout. You can always replace ncsa_auth with any program you like (even one that you intend to write) so long as the program follows the above rule. How this program verifies the password is another question. It might be /etc/passwd, /etc/shadow, or even more complex stuff like MD5 or Kerberos. It can even print ERR for everything. :-)
Binand
PS: I have successfully configured and installed Cyrus imapd on a machine (just barebones, nothing spectacular). Would people like a writeup on the installation process? I noticed the documentation on Cyrus is very poor, and it is extremely complex to run (but a boon to service providers).
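
The helper contract described in the message above (one line of the form username:passwd in, OK or ERR out), as an added example that is not part of the original post and is not code from Apache or ncsa_auth. It checks the password against a salted PBKDF2 record, so nothing is stored in clear text; the function names, the record format and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sys

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password, salt=None):
    """Build a 'salt$hash' record (hex); this is all the password file stores."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


# Record for a random password, used to spend the same time on unknown users.
DUMMY = make_record(os.urandom(16).hex())


def check_line(line, store):
    """Answer one 'username:passwd' request line with 'OK' or 'ERR'."""
    # Split on the first colon only, so the password itself may contain colons.
    user, sep, password = line.rstrip("\r\n").partition(":")
    if not sep or not user:
        return "ERR"
    record = store.get(user)
    salt_hex, _, want_hex = (record or DUMMY).partition("$")
    got = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(salt_hex), ITERATIONS)
    # Constant-time comparison; an unknown user never yields OK.
    match = hmac.compare_digest(got, bytes.fromhex(want_hex))
    return "OK" if match and record is not None else "ERR"


def serve(store, stdin=sys.stdin, stdout=sys.stdout):
    """Helper loop: one request per input line, one verdict per output line."""
    for line in stdin:
        stdout.write(check_line(line, store) + "\n")
        stdout.flush()


if __name__ == "__main__":
    # Constructed sample store; a real helper would load records from a file.
    serve({"alice": make_record("correct horse")})
```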