Re: [users@httpd] Leaner httpd

Tue, 15 May 2007 12:15:39 -0700 

--- Joshua Slive <[EMAIL PROTECTED]> wrote:

> On 5/15/07, Grant Peel <[EMAIL PROTECTED]> wrote:
> 
> > # Dynamic Shared Object (DSO)    Support
> > #LoadModule authn_file_module   
> libexec/apache22/mod_authn_file.so
> > #LoadModule authn_dbm_module   
> libexec/apache22/mod_authn_dbm.so
> > #LoadModule authn_anon_module   
> libexec/apache22/mod_authn_anon.so
> > #LoadModule authn_default_module   
> libexec/apache22/mod_authn_default.so
> > #LoadModule authn_alias_module   
> libexec/apache22/mod_authn_alias.so
> > #LoadModule authz_host_module   
> libexec/apache22/mod_authz_host.so
> > #LoadModule authz_groupfile_module   
> libexec/apache22/mod_authz_groupfile.so
> > #LoadModule authz_user_module   
> libexec/apache22/mod_authz_user.so
> > #LoadModule authz_dbm_module   
> libexec/apache22/mod_authz_dbm.so
> > #LoadModule authz_owner_module   
> libexec/apache22/mod_authz_owner.so
> > #LoadModule authz_default_module   
> libexec/apache22/mod_authz_default.so
> >            As far as I know, we don't use anything
> for database type authentication.    Remove?
> 
> You'll probably want to keep mod_authz_host.
> 
> >
> > LoadModule auth_basic_module   
> libexec/apache22/mod_auth_basic.so
> >         Looks like    this is used for htaccess
> type authentication keep it.
> 
> If you are doing basic auth, then you also need some
> other modules
> from above. See:
> http://httpd.apache.org/docs/2.2/howto/auth.html
> For example, you probably want to keep at least
> mod_authn_file,
> mod_authn_default, mod_authz_user,
> mod_authz_groupfile, and
> mod_authz_default.


If you are running a hosting service you must be
authenticating your clients somehow, even if with just
the basic authentication. Or are you letting any
cracker who guesses the url access the control panel
system for your client's webspace?
[ not likely, no-one is that crazed :) ]

Jaqui


      Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to