[rt-users] secure apache & rt?

Ayan R. Kayal ayan.kayal at yale.edu
Mon Aug 20 18:02:01 EDT 2001


On Mon, 20 Aug 2001, Sheeri Kritzer wrote:

> So, I'm working on making my apache a secure webserver (my group thinks
> plaintext passwords of any kind must die) and I was wondering if anybody
> had any suggestions on how to proceed.
>
> The easiest way to compile apache+ssl, according to my group's guru, is to
> compile and install mod_ssl and use apache+ssl, making all the modules
> DSO.  I vaguely know that using mod_perl as a DSO makes life harder for us
> RT admins.  But not compiling modules DSO makes making a secure webserver
> harder.
>
> anybody solve this problem yet?  maybe someone wrote an add-in for rt to
> make it secure?

We use an external auth that is secure (by SSL), but I've installed SSL on
a machine without using DSO. I used mod_ssl and openssl. I don't
understand why using a DSO would make security more difficult. And I would
think that you could install SSL as a DSO, and mod_perl as not, anyway.
Just because using DSO is the "easiest way," doesn't mean it's the best
way.

			~ARK





More information about the rt-users mailing list