Like many sites, much of the stuff we might want to protect would be
protected at a relatively low level, and be available to large subsets
of our users. We use NIS for distributing authorisation info (bad
idea I know).
I'd like to make a change to the httpd protection stuff to enable
other sources of authorisation info than flat files. The sort of
change I was wondering about was to change the spec for the passwd &
group files to allow this sort of spec:-
    PasswordFile /some/flat/file          # ie as present
    PasswordFile //nis:nis_map_name       # use NIS map nis_map_name
    PasswordFile //dbm:/dbm/file/spec     # DBM hashed password file
    PasswordFile //netinfo:/net/in/spec   # NeXT netinfo
[not sure about the netinfo - since it is richer than NIS it could
present more problems...] Group file specs would look similar.
The main advantages this would give are keyed lookups (saving in time
when accessing auth info), flexibility - you can keep info in (say)
NIS, and it doesn't *have* to be just in a NIS system passwd file.
As an extension to this, NIS netgroups could also be used to control
access - both for hosts and users. However this needs slightly more
serious mods to the appropriate areas of httpd.
[Pause while dons asbestos underwear]
Any comments on this please....?
Nigel.
--
Nigel Metheringham -- EMail: nm4@unix.york.ac.uk nigelm@ohm.york.ac.uk
System Administrator, Electronics Dept, University of York, York YO1 5DD
Tel: +44 904 432374, Fax: +44 904 432335 | PGP key available from WWW
WWW: http://www.amp.york.ac.uk/~nm4/
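
The spec syntax proposed in the message above, sketched as a parser (an added example, not code from the post or from httpd; the type and function names are hypothetical). It assumes that unknown schemes and empty locators should be rejected rather than falling back to a flat file.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; none come from httpd. */
typedef enum { SRC_INVALID, SRC_FLAT, SRC_NIS, SRC_DBM, SRC_NETINFO } auth_src;
typedef struct { auth_src kind; const char *locator; } auth_spec;

static const struct { const char *scheme; auth_src kind; } schemes[] = {
    { "nis", SRC_NIS }, { "dbm", SRC_DBM }, { "netinfo", SRC_NETINFO },
};

/* Parse the value of a PasswordFile (or group file) directive.
 * "//scheme:locator" selects a keyed backend; any other non-empty value
 * is a flat file path, as at present. Unknown schemes and empty locators
 * are rejected (assumption) rather than silently treated as a flat file,
 * so a typo cannot change which database protects a directory. */
auth_spec parse_auth_spec(const char *value)
{
    auth_spec out = { SRC_INVALID, NULL };
    if (value == NULL || *value == '\0')
        return out;
    if (strncmp(value, "//", 2) != 0) {      /* plain path */
        out.kind = SRC_FLAT;
        out.locator = value;
        return out;
    }
    const char *name = value + 2;
    const char *colon = strchr(name, ':');
    if (colon == NULL || colon == name || colon[1] == '\0')
        return out;                          /* malformed */
    size_t len = (size_t)(colon - name);
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        if (strlen(schemes[i].scheme) == len &&
            strncmp(name, schemes[i].scheme, len) == 0) {
            out.kind = schemes[i].kind;
            out.locator = colon + 1;         /* points into caller's string */
            return out;
        }
    }
    return out;                              /* unknown scheme */
}

int main(void)
{
    /* First three values are from the message; the last is constructed. */
    const char *s[] = { "/some/flat/file", "//nis:nis_map_name", "//dbm:/dbm/file/spec", "//ldap:x" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s -> kind %d\n", s[i], (int)parse_auth_spec(s[i]).kind);
    return 0;
}
```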