Frequently Asked Questions

Q: Is it more secure to compile driver support directly into the kernel, instead of making it a module?
Q: Why does logging in as root from a remote machine always fail?
Q: How can I enable the Apache SSL extensions?
Q: How can I manipulate user accounts, and still retain security?
Q: How can I password-protect specific HTML documents using Apache?
Q: Is it more secure to compile driver support directly into the kernel, instead of making it a module?

A: Some people think it is better to disable the ability to load device drivers using modules, because an intruder could load a Trojan module or a module that could affect system security.

However, in order to load modules, you must be root. The module object files are also only writable by root. This means the intruder would need root access to insert a module. If the intruder gains root access, there are more serious things to worry about than whether he will load a module.

Modules are for dynamically loading support for a particular device that may be infrequently used. On server computers, or firewalls for instance, this is very unlikely to happen. For this reason, it would make more sense to compile support directly into the kernel for machines acting as servers. Modules are also slower than support compiled directly in the kernel.

Q: Why does logging in as root from a remote machine always fail?

A: See the section called “Root Security”. Remote root logins are disabled intentionally, to prevent remote users from attempting to connect to your computer as root via telnet. Such a login is a serious security vulnerability, because the root password would be transmitted in clear text across the network. Don't forget: potential intruders have time on their side, and can run automated programs to find your password. Disabling remote root logins also keeps a clear record of who logged in, rather than just root.

Q: How can I enable the Apache SSL extensions?

A: Simply install the mod_ssl package, and consult the documentation at the mod_ssl home page.

Note

You should also consider the mod_sxnet module, which is a plug-in for mod_ssl and allows the activation of the “Thawte Secure Extranet”. mod_ssl encrypts communications, but mod_ssl-sxnet goes further and allows you to securely authenticate the user of the web page by means of a personal certificate. You can find more information on this application at Thawte, or install the mod_sxnet module from your Mandrake distribution and read the included package documentation.

You might also try ZEDZ net, which has many pre-built packages and is located outside of the United States.

Q: How can I manipulate user accounts, and still retain security?

A: Your Mandrake Linux distribution contains a great number of tools to change the properties of user accounts.

  • The pwconv and unpwconv programs can be used to convert between shadowed and non-shadowed passwords.

  • The pwck and grpck programs can be used to verify proper organization of the /etc/passwd and /etc/group files.

  • The useradd, usermod, and userdel programs can be used to add, modify, and delete user accounts. The groupadd, groupmod, and groupdel programs will do the same for groups.

  • Group passwords can be created using gpasswd.

All these programs are “shadow-aware”: if you enable shadow passwords, they will use /etc/shadow for password information; otherwise they won't.
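The difference between shadowed and non-shadowed entries, and the kind of organization problems a tool like pwck looks for, can be seen on sample data. The following is an added example, not part of the original FAQ or of the shadow tools: a read-only shell check covering only a few such conditions, where the function names audit_passwd and make_sample and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks on a passwd-format file, similar in
# spirit to pwck. It never modifies the file it reads.

# make_sample PATH: write a constructed passwd-format file (not real accounts).
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/bin/false
alice:x:501:501:Alice:/home/alice:/bin/bash
bob:$1$CONSTRUCTED$notarealhash:502:502:Bob:/home/bob:/bin/bash
guest::503:503:Guest:/home/guest:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:504:504:Alice again:/home/alice2:/bin/bash
broken:x:505:505:/home/broken
EOF
}

# audit_passwd PATH: print one finding per line; print nothing if clean.
audit_passwd() {
    awk -F: '
        # Each entry needs exactly seven colon-separated fields.
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
        $1 == "" { printf "line %d: empty login name\n", NR; next }
        # Login names must be unique.
        seen[$1]++ { printf "%s: duplicate login name\n", $1 }
        # An empty password field means no password is required.
        $2 == "" { printf "%s: empty password field\n", $1 }
        # "x" means the hash is in /etc/shadow; "*" or "!" means locked.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "%s: password hash stored in passwd, not shadowed\n", $1 }
        # Only root should hold UID 0.
        $3 == 0 && $1 != "root" { printf "%s: UID 0 but not named root\n", $1 }
    ' "$1"
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a real system the same function can be pointed at /etc/passwd; an entry reported as not shadowed is one that pwconv would move into /etc/shadow.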

Q: How can I password-protect specific HTML documents using Apache?

A: I bet you didn't know about http://www.apacheweek.org, did you?

You can find information on user authentication at Apache Week, as well as other web server security tips from Apache.

