Hello, I would like to be able to use existing entries from the /etc/passwd file to authenticate users before they can access a RoR application, run behind Apache on Debian Linux. A few questions:

1) Has anybody used AuthUserFile /etc/apache/my_converted_passwd_file in /etc/apache/httpd.conf to do this?

2) Assuming this works as it should, how should I get the username information? In the Python cgi module that would be os.environ.get('REMOTE_USER').

3) Where is the proper place in the RoR application directory tree to code it (i.e. get username, UID, GID, group_name and then display at the top of each accessed page: User X, group Y, access privilege regular/superuser)?

Sorry for rather naive questions, but I am just starting with RoR. Thanks a lot for your help.

Darek

-- Posted via http://www.ruby-forum.com/.
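As an added example (not from the original thread or from Rails itself), the following shows one way to answer questions 2 and 3: Apache sets REMOTE_USER in the CGI/FastCGI environment only after it has authenticated the request, so the application trusts that variable and resolves it through Ruby's Etc module, which reads the same /etc/passwd and /etc/group data the poster wants to reuse. The module name, the struct fields and the controller file name in the trailing comment are assumptions; an unknown or missing user is treated as not logged in rather than raising.

```ruby
require 'etc'

# Resolves the Apache-authenticated user (REMOTE_USER) into account details.
# Apache has already done the authentication; the application only reads the
# variable mod_auth placed in the request environment.
module RemoteUserInfo
  Info = Struct.new(:username, :uid, :gid, :group, :privilege)

  # env: the request environment hash (request.env in Rails, ENV under plain CGI).
  # Returns an Info struct, or nil when there is no authenticated user or the
  # account is unknown to the system (treat both as "not logged in").
  def self.from_env(env)
    name = env['REMOTE_USER']
    return nil if name.nil? || name.empty?
    begin
      pw = Etc.getpwnam(name)          # /etc/passwd (or NSS) lookup by name
    rescue ArgumentError               # raised when the account does not exist
      return nil
    end
    group = begin
      Etc.getgrgid(pw.gid).name        # primary group name from /etc/group
    rescue ArgumentError
      pw.gid.to_s                      # fall back to the numeric GID
    end
    privilege = pw.uid.zero? ? 'superuser' : 'regular'
    Info.new(pw.name, pw.uid, pw.gid, group, privilege)
  end

  # Text for the banner at the top of each page, e.g.
  # "User root, group root, access privilege superuser".
  def self.banner(info)
    "User #{info.username}, group #{info.group}, access privilege #{info.privilege}"
  end
end

# Rails wiring (hypothetical file: app/controllers/application_controller.rb),
# so every controller runs the lookup before rendering:
#
#   class ApplicationController < ActionController::Base
#     before_filter :load_remote_user
#     def load_remote_user
#       @current_user = RemoteUserInfo.from_env(request.env)
#       render :text => 'Forbidden', :status => 403 unless @current_user
#     end
#   end
#
# and in the shared layout: <%= RemoteUserInfo.banner(@current_user) %>
```

If Rails is reached through a reverse proxy instead of CGI/FastCGI, REMOTE_USER is not forwarded automatically; it must be passed explicitly and accepted only from the proxy, otherwise a client could supply it.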
> I would like to be able to use existing entries from /etc/passwd file to
> authenticate users before they can access RoR application, run behind
> apache on
> Debian Linux.

As a rule of thumb, I'd say this is a bad idea, as a malicious party could use your Rails login system to brute force your users' passwords. While this could be done with any application, putting your actual UNIX login passwords on the front line is probably a bad idea. The reasons against using /etc/passwd for web-based authentication are discussed in more detail here: http://httpd.apache.org/docs/1.3/misc/FAQ.html#passwdauth

I'd recommend fresh passwords for this (or any) application, rather than using existing passwords, such as those in /etc/passwd.

Hope that helps,
Andy
andy wrote:

>> I would like to be able to use existing entries from /etc/passwd file to
>> authenticate users before they can access RoR application, run behind
>> apache on
>> Debian Linux.
>
> As a rule of thumb, I'd say this is a bad idea, as a malicious party
> could use your rails login system to brute force your user's passwords.
> While this could be done with any application, putting your actual UNIX
> login passwords on the front line is probably a bad idea.

Agreed ;-). I should have mentioned that all this (passwords + RoR/Apache server) is for a closed intranet only. Using the existing usernames/passwds does not open an extra hole and is easier for the end users and us (the database for RoR will contain links to result files on a Samba server with permissions determined by intranet-wide usernames/passwds).

Thanks for your help
Darek

-- Posted via http://www.ruby-forum.com/.