www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Daguerre <jacques.dague...@st.com>
Subject general/5555: Porting of a Cern HTTPD web site to Apache 1.3.9N
Date Fri, 07 Jan 2000 07:02:43 GMT

>Number:         5555
>Category:       general
>Synopsis:       Porting of a Cern HTTPD web site to Apache 1.3.9N
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Thu Jan 06 23:10:00 PST 2000
>Originator:     jacques.daguerre@st.com
>Release:        1.3.9
Linux RedHat 6.1, Apache 1.3.9
First, I'm sorry to use this form . I do not really have a problem. 
I have ported an old intranet server running on a Sun4/Solaris with the CERN httpd server
to a Linux RedHat 6.1 using Apache 1.3.9.
One of the(many) difficulty that I had was that several perl scripts (CGI-BIN) are using a
binary utility called HTADM from the CERN HTTPD package to check the password of the users
I got the source of the CERN HTTPD from the w3c web site compiled it for my linux and everything
is fine, I can use exactly the same scripts without modification.

All of this to ask you all ?? why is there no alternative to this HTADM binary utility for
Apache ..
Is there any concern with security doing a system("htadm -check passwordfile $user_Id $userpasswd");
type of command in a CGI-BIN ??

BTW the reason for it is that you want to make sure the user at the keyboard is the real user
who authenticated sometimes quite a long time before sending a new command to the browser.
In a company environment it is very easy for a user to go on someone else machine and post
nasty stuff using somebody's else logon.
This never really happened but it could . In this case the htadm -check passwd is really useful..

Is there any alternative to htadm within Apache..?
Thks for yr support,

 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message