Quote:
Originally Posted by unSpawn
If you use 'em please read the "security considerations" part. Increase your mana additionally by pondering the reasons for applications to *not* require /etc/shadow access but use the "virtual user" concept instead.
|
yep, i did
the fact is this is an internal lan server that almost only serves as svn repository and trac. having to manage different auths for shell/svn/trac etc really goes beyond the added risk of having www-data access the shadow pw file
btw since currently there isn't a main deb package for mod_auth_shadow, I found out that you can achieve the same result using mod_auth_pam and pointing to /etc/shadow as AuthUserFile
thanks again for your suggestions