CERN httpd - Protection passwords and groups

Nigel Metheringham <>
Date: Thu, 9 Jun 1994 13:37:38 +0200
Message-id: <>
Precedence: bulk
From: Nigel Metheringham <>
To: Multiple recipients of list <>
Subject: CERN httpd - Protection passwords and groups
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas

The current protection scheme in the CERN httpd uses unix like passwd
and group files.  These are sequentially read on each protected access
check - which could be a problem if you have large numbers of users in
these databases.

Like many sites, much of the stuff we might want to protect would be
protected at a relatively low level, and be available to large subsets
of our users.  We use NIS for distributing authorisation info (bad
idea I know).

I'd like to be make a change to the httpd protection stuff to enable
other sources of authorisation info than flat files.  The sort of
change I was wondering about was to change the spec for the passwd &
group files to allow this sort of spec:-

	PasswordFile	/some/flat/file		# ie as present
	PasswordFile	//nis:nis_map_name	# use NIS map nis_map_name
	PasswordFile	//dbm:/dbm/file/spec	# DBM hashed password file
	PasswordFile	//netinfo:/net/in/spec	# NeXT netinfo

[not sure about the netinfo - since it is richer than NIS it could
present more problems...]  Group file specs would look similar.

The main advantages this would give is keyed lookups (saving in time
when accessing auth info), flexibility - you can keep info in (say)
NIS, and it doesn't *have* to be just in a NIS system passwd file.

As an extension to this, NIS netgroups could also be used to control
access - both for hosts and users.  However this needs slightly more
serious mods to the appropriate areas of httpd.

[Pause while dons asbestos underware]
Any comments on this please....?


- Nigel Metheringham  --  EMail: -
- System Administrator, Electronics Dept, University of York, York YO1 5DD -
- Tel: +44 904 432374, Fax: +44 904 432335 | PGP key available from WWW    -
- WWW:     |                               -