Johann MacDonagh wrote: > So far, I think that a combination of using <identity > impersonation="true"> in my web.config, along with mod_authnz_external > and pwauth *might* do the trick, but I have no idea. This can be done > easily in IIS, but does anyone have an idea if this will work with > OpenSUSE?
It will not work. Mod_authnz_external & pwauth do not impersonate the apache worker process. Even if mod_authnz_external would do it (a security nightmare IMHO), mod-mono-server, the managed companion of mod_mono, would still run as the apache user because it's running in a separate process. This means that you must run mod-mono-server as root if you want to be able to setuid (impersonate in MS speech), but this is not recommended for several reasons: - the runtime did not receive a security audit regarding setuid. - some parts of the runtime don't cope well with setuid (the IO-layer). - the thread pool (heavily used by ASP.NET and its servers) is definitely not setuid safe because it potentially preforks threads under indefinite uids. Robert _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
