10 | | In particular, symlink attacks, RewriteMap, and various other things can probably be used to make Apache read a file that it can read, so the keytab needs to be not readable to the Apache user. It should be possible to just load it into memory when Apache starts up, though, and then use it for verifying the clients are legitimate. |
| 10 | In particular, symlink attacks, RewriteMap, and various other things can probably be used to make Apache output a file that it can read, so the keytab needs to be not readable to the Apache user. It should be possible to just load it into memory when Apache starts up, though, and then use it for verifying the clients are legitimate. |