Changes between Initial Version and Version 1 of Ticket #11, comment 5


Ignore:
Timestamp:
Sep 3, 2012, 2:55:33 AM (12 years ago)
Author:
adehnert
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #11, comment 5

    initial v1  
    88}}}
    99
    10 In particular, symlink attacks, RewriteMap, and various other things can probably be used to make Apache read a file that it can read, so the keytab needs to be not readable to the Apache user. It should be possible to just load it into memory when Apache starts up, though, and then use it for verifying the clients are legitimate.
     10In particular, symlink attacks, RewriteMap, and various other things can probably be used to make Apache output a file that it can read, so the keytab needs to be not readable to the Apache user. It should be possible to just load it into memory when Apache starts up, though, and then use it for verifying the clients are legitimate.